Cloud meta data potentially exposed - Pen. testing

PrettyGirl · November 1, 2023, 10:34am

These are from ZAP pen testing software in attack mode. I see it says confidence is low and the output response says HTTP/1.1 301 Moved Permanently, so hope everything is alright?

1. Cloud meta data potentially exposed

Response header

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Nov 2023 10:10:17 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://examplesite.com/latest/meta-data/
Strict-Transport-Security: max-age=63072000

2. Hidden file found www.mysite.com/.hg

What other tests that I can do to get a confirmation?

Falco · November 1, 2023, 4:29pm

Results from off-the-shelf penetration test software are mostly garbage and it’s a waste of everyone’s time to explain every single false positive.

If you find an actual security issue with reproducible steps please report at HackerOne.

PrettyGirl · November 2, 2023, 12:40am

Thank you for the reply.

Is there any recommended pen testing software/websites?

I noticed the one you mentioned HackerOne also does pen testing as a service. Is it owned by or linked/affiliated to discourse or any of the team members?

Falco · November 2, 2023, 12:47am

We pay for HackerOne to handle our security reports and triage bogus reports, like those from pen testing software. There is no affiliation between CDCK and H1.

PrettyGirl · November 2, 2023, 12:55am

Thank you for the prompt reply.

Topic		Replies	Views
Error 521 after latest update due to CloudFlare settings Installation	19	2577	May 19, 2020
Email SSL Errors after Update to 2.4.0.beta4 Installation email	16	2817	November 27, 2019
Let's encrypt not renewing Bug	2	1138	March 31, 2017
Test for valid cert to enable force_https is broken, leaving it off when it should be on Bug	12	975	October 27, 2021
3.0.0.beta16: Security release Announcements release-notes	0	1541	January 5, 2023

Cloud meta data potentially exposed - Pen. testing

Related topics