Security Test: Directory listing
Description
Default Severity:
Directory listing happens when an attacker can view all the files in a directory on your server because the proper access restrictions aren't in place. This is dangerous because it can reveal sensitive files, internal configurations, or even credentials, giving attackers a map of where important or vulnerable resources might be hiding. It usually results from default settings or misconfigurations where directory browsing isn't disabled and developers forget to lock down unnecessary directories. If not fixed, attackers might use this information to plan further attacks, making it easier to compromise your system.
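One way to recognise an auto-generated index page in a response you are auditing, as an added example (not code from this page or from the scanner it documents). The signature set, the name `detect_listing` and the sample bodies are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heading text written by common auto-index generators (assumed signature set).
SIGNATURES = {
    "apache/nginx autoindex": re.compile(r"^Index of /"),
    "python http.server": re.compile(r"^Directory listing for /"),
}
SKIP_HREF = re.compile(r"^(?:[a-z][a-z0-9+.-]*:|//|#|\?)", re.I)  # absolute, anchor, sort links

class _Page(HTMLParser):
    """Collects <title>/<h1> text and every href found in the document."""
    def __init__(self):
        super().__init__()
        self.headings, self.hrefs, self._in_heading = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "h1"):
            self._in_heading = True
            self.headings.append("")
        elif tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag in ("title", "h1"):
            self._in_heading = False

    def handle_data(self, data):
        if self._in_heading:
            self.headings[-1] += data

def detect_listing(status, content_type, body):
    """Return the generator name if the response is an auto-generated index, else None."""
    if status != 200 or "html" not in content_type.lower():
        return None
    page = _Page()
    page.feed(body)
    # A listing links to its entries (or the parent); no such links means no listing.
    if all(SKIP_HREF.match(h) for h in page.hrefs):
        return None
    for name, pattern in SIGNATURES.items():
        if any(pattern.match(h.strip()) for h in page.headings):
            return name
    return None

# Constructed sample bodies (not captured from a real server).
LISTING = ('<html><head><title>Index of /backup</title></head><body><h1>Index of /backup</h1>'
           '<a href="?C=N;O=D">Name</a><a href="/">Parent Directory</a><a href="db.sql.gz">db.sql.gz</a></body></html>')
ARTICLE = '<html><head><title>Docs</title></head><body><p>Index of /backup</p><a href="a.html">a</a></body></html>'
```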
Configuration
Identifier:
configuration/directory_listing
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API1:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 2.2.5 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.18.1 |
NIST | SP800-53 |
FedRAMP | AC-4 |
CWE | 548 |
CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CVSS Score | 5.3 |