Cloud meta data potentially exposed - Pen. testing

These are from ZAP pen testing software in attack mode. I see it says confidence is low and the output response says HTTP/1.1 301 Moved Permanently, so hope everything is alright?

1. Cloud meta data potentially exposed

Response header

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Nov 2023 10:10:17 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Strict-Transport-Security: max-age=63072000

2. Hidden file found

What other tests that I can do to get a confirmation?

Results from off-the-shelf penetration test software are mostly garbage and it’s a waste of everyone’s time to explain every single false positive.

If you find an actual security issue with reproducible steps please report at HackerOne.


Thank you for the reply.

Is there any recommended pen testing software/websites?

I noticed the one you mentioned HackerOne also does pen testing as a service. Is it owned by or linked/affiliated to discourse or any of the team members?

We pay for HackerOne to handle our security reports and triage bogus reports, like those from pen testing software. There is no affiliation between CDCK and H1.


Thank you for the prompt reply.