Sensitive Data: Exposed JSON Configuration Files

Identifier: config_json_exposure_fuzz

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Exposed JSON configuration files can contain sensitive information including API keys, access tokens, AWS credentials, database configurations, and application settings that should not be publicly accessible.

How we test: We test for exposed JSON configuration files by attempting to access common configuration file paths and analyzing responses to detect if sensitive configuration data is exposed.
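The response-analysis step described above, sketched as an added example (this is not the scanner's own code): it decides whether a response body is a JSON document carrying credential-like values. The key-name patterns, the placeholder list and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# Assumed heuristics for this example; not the scanner's actual rule set.
SENSITIVE_KEY = re.compile(
    r"(api[_-]?key|secret|token|passw(or)?d|private[_-]?key"
    r"|aws_access_key_id|connection[_-]?string)",
    re.IGNORECASE,
)
# Values that are clearly template placeholders rather than real secrets.
PLACEHOLDER = re.compile(r"^(|changeme|example|xxx+|<.*>|\$\{.*\})$", re.IGNORECASE)


def sensitive_paths(node, prefix=""):
    """Yield dotted paths of string values whose key name looks sensitive."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            if isinstance(value, (dict, list)):
                yield from sensitive_paths(value, path)
            elif isinstance(value, str) and SENSITIVE_KEY.search(str(key)):
                if not PLACEHOLDER.match(value.strip()):
                    yield path
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from sensitive_paths(item, f"{prefix}[{index}]")


def analyze_response(status, body):
    """Return sorted key paths that indicate an exposed config, or [] if none."""
    if status != 200:
        return []
    try:
        document = json.loads(body)
    except (ValueError, TypeError):
        return []  # soft-404 HTML pages and other non-JSON bodies end up here
    if not isinstance(document, (dict, list)):
        return []
    return sorted(sensitive_paths(document))


# Constructed sample responses (all values are fake).
EXPOSED = ('{"db": {"host": "db.internal", "password": "s3cr3t-constructed"},'
           ' "services": [{"name": "mail", "apiKey": "CONSTRUCTED-KEY-123"}]}')
TEMPLATE = '{"db": {"password": "changeme"}, "apiKey": "${API_KEY}"}'
SOFT_404 = "<html><body>Page not found</body></html>"
```

Reporting only the key paths, never the values, keeps the finding itself from becoming a second copy of the secret.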

Configuration

Example

Example configuration:

---
security_tests:
  config_json_exposure_fuzz:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.