Web application security - the fast guide 1.1 | Page 78

Chapter 4 - Be the attacker

4.12 Map Proofing Application

After discovering how much information leaks from everywhere in your application (its structure, its usage and its users), you might think that you need to stop providing many services. But in the end it is always about finding the right balance between security on one side and functionality and usability on the other. To strike this balance, administrators and application developers can benefit from a list of simple tips that can reduce information leakage to an acceptable level:

1- Hide your directories' contents and structure:

  a. If you are using IIS, minimize information leakage by limiting the content of the Location header. To prevent the default behaviour of sending the server's IP address in that header, modify the IIS metabase using the adsutil.vbs script, which is installed by default in the folder Inetpub\adminscripts on Windows systems, and then restart the web service:

      C:\Inetpub\adminscripts\adsutil.vbs set w3svc/UseHostName True
      net start w3svc

  If you are using an Apache server, you can stop directory enumeration by deactivating mod_dir as follows
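A small audit script, added here as an example and not part of the book, that checks the two leaks this section is concerned with: a redirect whose Location header names the server by IP address literal instead of by hostname (the IIS behaviour that UseHostName corrects), and an auto-generated directory listing page. The HTTP responses it inspects are constructed inline for the example; against a real deployment you would feed it responses captured from your own server.

```python
"""Audit raw HTTP responses for an IP address in the Location header and
for enabled directory listings. All sample responses below are constructed
for this example and were not captured from any real server."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample responses keyed by a short description.
SAMPLE_RESPONSES = {
    "ip_in_location": (
        "HTTP/1.1 302 Object Moved\r\n"
        "Location: http://10.0.0.5/docs/\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "hostname_in_location": (
        "HTTP/1.1 302 Object Moved\r\n"
        "Location: http://www.example.com/docs/\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "directory_listing": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><head><title>Index of /uploads</title></head>"
        "<body><h1>Index of /uploads</h1><pre><a href=\"../\">../</a>"
        "<a href=\"backup.zip\">backup.zip</a></pre></body></html>"
    ),
    "normal_page": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><head><title>Welcome</title></head><body>Hello</body></html>"
    ),
}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, headers dict, body).
    Header names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


def location_exposes_ip(headers):
    """True when the redirect target's host part is an IPv4/IPv6 literal
    rather than a hostname, i.e. the server's address is being leaked."""
    location = headers.get("location")
    if not location:
        return False
    host = urlsplit(location).hostname  # strips [] around IPv6 literals
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, which is what we want to see
    return True


# Titles used by the auto-generated index pages of Apache (mod_autoindex)
# and of IIS directory browsing.
DIRECTORY_LISTING_RE = re.compile(
    r"<title>\s*(?:Index of|Directory Listing)\b", re.IGNORECASE)


def body_is_directory_listing(body):
    """Recognise a server-generated directory index page."""
    return bool(DIRECTORY_LISTING_RE.search(body))


def audit_response(raw):
    """Return the list of leak types found in one raw response
    (an empty list means the response is clean)."""
    _, headers, body = parse_response(raw)
    findings = []
    if location_exposes_ip(headers):
        findings.append("ip-address-in-location")
    if body_is_directory_listing(body):
        findings.append("directory-listing-enabled")
    return findings


def audit_all(responses=SAMPLE_RESPONSES):
    """Map each response name to its findings."""
    return {name: audit_response(raw) for name, raw in responses.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name:22s} {findings or 'clean'}")
```

Running the script prints one line per sample; only the IP-literal redirect and the index page are flagged. The two checks are independent functions, so a test run against a live server can call `audit_response` on each captured response and collect the findings per URL.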