Information Disclosure by Test, Old and Backup Files OWASP
Test, old and backup files that the application does not require can disclose information. This is one of the security vulnerabilities with info risk. Remove unwanted test files, old files and backup files. Keep backup files and test files outside of the application, and keep a very clean application folder structure.
Remove Test / Sample Files
Test/sample files are created for testing or debugging purposes, and developers forget to delete them once testing is complete. Security functionality may not have been added to test/sample files, so keeping them in the application leaves it vulnerable.
Solution
Remove all sample or testing files from the application if they are not used anywhere in the application.
Ex: helloworld.jsp, sample.jsp, sample.js, sample.jpg, etc.
Remove Backup Files
During project enhancement, we may back up a file by renaming it in the same location. This is a bad habit. Take the backup of the original file into a backup location that is outside of the application. Once the backup is taken, you can edit the file directly. If something goes wrong, replace the file from the backup location.
Example:
AddUser_bkp.jsp
ServerConfi_bkp_2020.JSP
logo_bkp_12.jpg
Advantages of deleting backup files
1. We can avoid security issues.
2. We can make the application vulnerability free.
3. We can avoid misconfiguration of files, such as mistakenly renaming the backup file as the original file.
4. We can avoid confusion.
5. We can keep the application very clean.
6. We can decrease application size.
Remove Old Files
Remove old files that are not used anywhere in the application. Keeping them in the application leaves it vulnerable.
Advantages of deleting old files
1. We can avoid security issues.
2. We can make the application vulnerability free.
3. We can save space and decrease application size
4. We can avoid the misconfiguration of the files.
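One way to check an application folder for such leftovers before deployment, as an added example that is not part of the original article. The name patterns, the function names and the old-file name Report_old.jsp are assumptions built around the file names used as examples above, and the directory tree is constructed for the demonstration.

```python
import os
import re
import tempfile

# Assumed name patterns: derived from the example file names in the article
# plus common backup/editor suffixes. Extend them to match your own habits.
SUSPECT_PATTERNS = {
    "backup": re.compile(r"(_bkp|_bak|_backup)(_\d+)?\.[^.]+$|\.(bak|bkp|orig|swp)$|~$", re.I),
    "test/sample": re.compile(r"^(helloworld|sample|test|demo)([_.\-\d][^/]*)?\.[^.]+$", re.I),
    "old": re.compile(r"(_old|_copy)(_\d+)?\.[^.]+$|\.old$", re.I),
}


def find_leftover_files(app_root):
    """Return sorted (relative_path, category) pairs for suspect files under app_root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(app_root):
        for name in filenames:
            for category, pattern in SUSPECT_PATTERNS.items():
                if pattern.search(name):
                    rel = os.path.relpath(os.path.join(dirpath, name), app_root)
                    findings.append((rel.replace(os.sep, "/"), category))
                    break  # first matching category is enough to flag the file
    return sorted(findings)


def build_constructed_app(root):
    """Create a small constructed application tree (empty files) for the demo."""
    for rel in ["index.jsp", "AddUser.jsp", "AddUser_bkp.jsp", "testimonials.jsp",
                "admin/ServerConfi_bkp_2020.JSP", "img/logo_bkp_12.jpg",
                "helloworld.jsp", "js/sample.js", "Report_old.jsp"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_app(root)
        leftovers = find_leftover_files(root)
        for rel, category in leftovers:
            print(f"{category:12} {rel}")
        # A non-zero exit code lets a build or deployment step fail on findings.
        raise SystemExit(1 if leftovers else 0)
```

Pointing `find_leftover_files` at the real application folder in a build step lists what to move to the external backup location or delete before release.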
Hello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting, Website Development, and IAM(ForgeRock) Specialist
I am a self-learner and passionate about training and writing. I am always trying my best to share my knowledge through my blog.