Web Application Security
Re: Directory Scanner Feb 14 2012 07:38AM
Taras (oxdef oxdef info)
IMHO, the topic starter needs to answer one question: what risk do
I want to reduce? Risk of unauthorized access to these *private* PDF
documents? OK, you need to implement authorization to access these pages.

09.02.2012 16:36, Vedantam Sekhar wrote:
> Hi,
>
> Probably you can implement authentication to these pages, if you want
> specific users to be able to access these pages.
> Or probably, you can block the IP for a specific time period after
> unsuccessful requests to non-existing files.
>
> Thanks,
>
> Sekhar
>
> On Tue, Feb 7, 2012 at 11:19 PM, Thugzclub Thugzclub
> <thugzclub (at) googlemail (dot) com [email concealed]> wrote:
>> A question:
>>
>> Given a website URL like the below :
>>
>> http://www.companywebsite.com/resources/resources/whitepapers/document_1_wp.pdf
>> http://www.companywebsite.com/resources/resources/whitepapers/document_arbinatryname__wp.pdf
>>
>> How can I protect somebody from enumerating the list of files in this
>> "whitepapers" directory? What tool can I use to make sure that I am
>> adequately protected against this?
>> Cheers

--
Taras
http://oxdef.info
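
Sekhar's suggestion of blocking an IP for a period after unsuccessful requests to non-existing files, written as log-analysis logic. This is an added example, not code from anyone in the thread; the thresholds, the Apache common log format and the sample log lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values and log format (Apache "common"); none come from the thread.
PREFIX = "/resources/resources/whitepapers/"
MAX_MISSES = 3                       # 404s inside WINDOW that trigger a block
WINDOW = timedelta(seconds=60)
BLOCK_FOR = timedelta(minutes=10)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines; client addresses are from documentation ranges.
SAMPLE_LOG = [
    f'{ip} - - [07/Feb/2012:23:19:{sec:02d} +0000] "GET {PREFIX}{name} HTTP/1.1" {status} 209'
    for ip, sec, name, status in [
        ("192.0.2.10", 1, "document_1_wp.pdf", 200),    # normal download
        ("198.51.100.7", 5, "document_2_wp.pdf", 404),  # miss 1
        ("198.51.100.7", 6, "document_3_wp.pdf", 404),  # miss 2
        ("192.0.2.10", 6, "old_wp.pdf", 404),           # single stale link
        ("198.51.100.7", 7, "document_4_wp.pdf", 404),  # miss 3 -> block
        ("198.51.100.7", 8, "document_5_wp.pdf", 404),  # inside the block
    ]
]

def parse(line):
    """Return (ip, timestamp, path, status), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
    return m[1], ts, m[3], int(m[4])

def find_blocks(lines):
    """Return {ip: (blocked_from, blocked_until)} for clients over the limit."""
    misses, blocks = defaultdict(deque), {}
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if status != 404 or not path.startswith(PREFIX):
            continue                 # only misses in the protected directory count
        if ip in blocks and ts < blocks[ip][1]:
            continue                 # client is already inside a block period
        q = misses[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:    # forget misses older than the window
            q.popleft()
        if len(q) >= MAX_MISSES:
            blocks[ip] = (ts, ts + BLOCK_FOR)
            q.clear()
    return blocks
```

The returned intervals can feed whatever enforces the block, such as a firewall rule or a web server deny list. Documents that must stay private still need the authorization check Taras describes.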

Copyright 2010, SecurityFocus