Sensitive Data: Microsoft Access Database File - Detect¶

Identifier: mdb_database_file

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Microsoft Access database files exposed on web servers can contain sensitive data and should not be publicly accessible.

How we test: We test for exposed Microsoft Access database files by attempting to access .mdb files and analyzing responses to detect if database files are accessible without proper authorization.

Reference:

https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  mdb_database_file:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.