
Directory Indexing (DI) vulnerability

What is a DI and how to prevent it?

Directory Indexing (also called Directory Browsing or Directory Listing) occurs when a web server lets visitors access the index of a directory, that is, the list of the files it contains.

What is a Directory Indexing vulnerability?

When directory indexing is enabled, the user can view and download the content of a directory located on a server.

The danger comes from the total access the attacker may have to all the files present in the architecture of the web application. Users may gain access to information they normally cannot get, such as configuration files. These files contain information about the database or other third-party services used by the application, so they should not be exposed on the internet.

How to protect yourself against Directory Indexing vulnerabilities?

The solution to this problem lies in the server configuration: tell the web server not to list directories. On Apache, edit the configuration file and add the "Options -Indexes" option. You can also add this option in a ".htaccess" file; however, it is preferable to change the configuration file directly.

Example:

If you work on an Nginx server, add the following lines to the configuration file:

    location /{YOUR DIRECTORY} {
        autoindex off;
    }

Web Vulnerability Scanner of HTTPCS

How to detect TOP 10 OWASP vulnerabilities?

Detect security flaws on your website or web application thanks to the Web Vulnerability Scanner of HTTPCS. This online security tool allows you to detect any flaws you have (top 10 OWASP, CVE and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out what patches to apply to avoid being hacked.