DefenseCode

Common File Name

Risk type: INFORMATIONAL

Description:

Programmers and/or administrators often use common, descriptive filenames and directory structures that could give an attacker valuable information about the targeted system.

Example:

Using a "/database/" directory (URI) could make it easier for an attacker to penetrate your databases.

Mitigation:

  • Do not use easily guessable filenames and directories.
  • Do not give your directory/application hierarchy an obvious, predictable design.
  • Configure file permissions carefully.
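
One way to check a deployment against the mitigations above is a local audit of the web root that lists entries with guessable names and shows whether each is world-readable. This is an added example, not DefenseCode's code; `audit_webroot`, `build_sample_tree` and the `COMMON_NAMES` list are hypothetical, and every name in the list other than the page's own "database" is a constructed sample.

```python
import os
import stat
import tempfile

# Constructed sample list: "database" is the page's example, the rest are assumptions.
COMMON_NAMES = {"database", "backup", "admin", "config", "old", "test"}


def audit_webroot(root, common_names=COMMON_NAMES):
    """Return sorted (relative_path, world_readable) pairs for guessable names."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            # Compare the part before the first dot, so "backup.sql" matches "backup".
            stem = name.split(".", 1)[0].lower()
            if stem not in common_names:
                continue
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            # S_IROTH set means any local account, including the web server's, can read it.
            world_readable = bool(mode & stat.S_IROTH)
            findings.append((os.path.relpath(full, root), world_readable))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed web root used only to demonstrate the audit."""
    root = tempfile.mkdtemp(prefix="webroot-")
    db_dir = os.path.join(root, "database")
    os.mkdir(db_dir)
    os.chmod(db_dir, 0o755)           # guessable name, readable by everyone
    os.mkdir(os.path.join(root, "static"))
    dump = os.path.join(root, "static", "backup.sql")
    with open(dump, "w") as fh:
        fh.write("-- constructed sample file\n")
    os.chmod(dump, 0o600)             # guessable name, but owner-only
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>\n")   # ordinary name, not reported
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel_path, readable in audit_webroot(sample):
        status = "world-readable" if readable else "restricted"
        print(f"{rel_path}: {status}")
```

Entries reported as world-readable are the ones to rename, move out of the web root, or restrict first.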