WebApp Sec mailing list archives

Re: Directory Scanner

From: Taras <oxdef () oxdef info>
Date: Tue, 14 Feb 2012 11:38:45 +0400

IMHO, the topic starter need to answer on the one question: what risk doI want to reduce? Risk of unathorized access to these *private* PDFdocuments? Ok, you need to implement authorization to access these pages.



09.02.2012 16:36, Vedantam Sekhar пишет:

Hi,

Probably you can implement authentication to these pages, if you want
specific users can access these pages.
or probably, you can block the IP for specific time period after un
successfull requests to non-eisting files.

Thanks,

Sekhar

On Tue, Feb 7, 2012 at 11:19 PM, Thugzclub Thugzclub
<thugzclub () googlemail com>  wrote:

A question:

Given a website URL like the below :

http://www.companywebsite.com/resources/resources/whitepapers/document_1_wp.pdf
http://www.companywebsite.com/resources/resources/whitepapers/document_arbinatryname__wp.pdf

How can I protect somebody from enumerating the list of file on this
"whitepapers" directory ?  What tool can I use to make sure that I am
adequately protected against this ?
Cheers

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------



--
Taras
http://oxdef.info



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.

Request Yours Now!http://www.cenzic.com/2009HClaunch_Securityfocus

--------------------------------------

Current thread:

Re: Directory Scanner Vedantam Sekhar (Feb 12)
- Re: Directory Scanner Taras (Feb 14)
- <Possible follow-ups>
- Re: Directory Scanner Alexander Pick (Feb 12)
  - SECURITY TOOLS TREE mc (Feb 12)
    - Re: SECURITY TOOLS TREE Christopher Siedlecki (Feb 12)
    - Message not available
    - Re: SECURITY TOOLS TREE Vedantam Sekhar (Feb 12)
    - Re: SECURITY TOOLS TREE synja (Feb 12)
  - RE: Directory Scanner Calderon, Juan Carlos (GE, Corporate, consultant) (Feb 13)
    - Message not available
    - RE: Directory Scanner Calderon, Juan Carlos (GE, Corporate, consultant) (Feb 15)
    - Message not available
    - RE: Directory Scanner Calderon, Juan Carlos (GE, Corporate, consultant) (Feb 15)