Information leakage
Information leakage is a flaw where the sensitive and critical information related to the application and server is exposed. The web application should not reveal any system-related information to the end user as a malicious user could learn about the inner working of the application and the server. Information leakage is one of the most basic flaws and can be easily avoided. Sensitive data such as the underlying technical details of the web application and environment-related information has to be closely guarded and the application developer should avoid slippage of such details to the end user.
Directory browsing
The most common form of information leakage results due to improper configuration of the directory browsing function, which displays all the files under a directory when the index file is not configured. This misconfiguration could reveal much more information than intended. The first thing that is to be done is to remove files from web directories that are...
