Information Disclosure by Test, Old and Backup Files OWASP


Test, old and backup files that the application does not need can disclose information. This is a security vulnerability rated at info risk. Remove unwanted test files, old files and backup files. Keep backup files and test files outside of the application, and keep the application folder structure very clean.

 

Test / Sample Files Remove

Test or sample files are created for testing and debugging, and developers forget to delete them once testing is complete. Security functionality may not have been added to these test/sample files, so keeping them in the application leaves it vulnerable.

Solution

Remove all sample or testing files from the application if the application does not use them.

Ex: helloworld.jsp, sample.jsp, sample.js, sample.jpg, etc.

 

Backup Files Remove

During project enhancement, we may back up a file by renaming a copy of it in the same location. This is a bad habit. Instead, copy the original file to a backup location outside of the application. Once the backup is taken, you can edit the file directly. If something goes wrong, restore the file from the backup location.

Example:

AddUser_bkp.jsp,

ServerConfi_bkp_2020.JSP

logo_bkp_12.jpg

 

Advantages of deleting backup files

1. We can avoid security issues

2. We can make the application vulnerability free

3. We can avoid file misconfiguration, such as mistakenly renaming the backup file to the original file name

4. We can avoid confusion

5. We can maintain the application very clean.

6. We can decrease application size.


Old Files Remove

Remove old files that are not used anywhere in the application. Keeping them in the application leaves it vulnerable.

Advantages of deleting old files

1. We can avoid security issues

2. We can make the application vulnerability free

3. We can save space and decrease application size

4. We can avoid the misconfiguration of the files.
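
The clean-up described in the three sections above can be checked automatically before each deployment. The script below is an added example, not part of the original article: it walks an application folder and reports file names that look like test/sample, backup or old files. The patterns are assumptions based on the examples on this page plus common editor and backup suffixes, and the file tree it builds for the demonstration is constructed.

```python
import os
import re
import sys
import tempfile

# Assumed naming conventions: the page's examples plus common editor and
# backup suffixes. Adjust them to the habits of your own team.
SUSPECT_PATTERNS = {
    "backup": re.compile(
        r"(_bkp|_bak|_backup)(_\d+)?\.[^.]+$|\.(bak|bkp|backup|orig|swp)$|~$", re.I),
    "old": re.compile(r"(_old|_copy)(_\d+)?\.[^.]+$|\.old$", re.I),
    "test/sample": re.compile(r"^(helloworld|sample|test|demo)([_.\-\d]|$)", re.I),
}

def find_leftover_files(app_root):
    """Return sorted (relative_path, category) pairs for suspect file names."""
    findings = []
    for dirpath, _dirs, files in os.walk(app_root):
        for name in files:
            for category, pattern in SUSPECT_PATTERNS.items():
                if pattern.search(name):
                    rel = os.path.relpath(os.path.join(dirpath, name), app_root)
                    findings.append((rel.replace(os.sep, "/"), category))
                    break  # one category per file is enough
    return sorted(findings)

def build_constructed_tree(root):
    """Create empty files with constructed names, for demonstration only."""
    names = ["AddUser.jsp", "AddUser_bkp.jsp", "WEB-INF/ServerConfi_bkp_2020.JSP",
             "images/logo.jpg", "images/logo_bkp_12.jpg", "helloworld.jsp",
             "js/sample.js", "testimonials.jsp", "login_old.jsp", "index.jsp.bak"]
    for name in names:
        path = os.path.join(root, *name.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    # With a path argument, scan that folder; otherwise scan the demo tree.
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        root = tempfile.mkdtemp()
        build_constructed_tree(root)
    findings = find_leftover_files(root)
    for rel, category in findings:
        print(f"{category:12} {rel}")
    sys.exit(1 if findings else 0)  # non-zero exit fails a CI or deploy step
```

Run it with the application folder as its argument in the build or deploy pipeline; a non-zero exit status means at least one suspect file is still inside the application.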

