Cloud meta data potentially exposed - Pen. testing

These are from ZAP pen testing software in attack mode. I see it says confidence is low and the output response says HTTP/1.1 301 Moved Permanently, so I hope everything is alright?

1. Cloud meta data potentially exposed

Response header

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Nov 2023 10:10:17 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://examplesite.com/latest/meta-data/
Strict-Transport-Security: max-age=63072000

2. Hidden file found www.mysite.com/.hg

What other tests can I do to get a confirmation?
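One way to confirm the first finding by hand, as an added example (this is not code from the thread, from ZAP, or from the site being scanned): ZAP's "Cloud Metadata Potentially Exposed" rule asks the web server for a cloud metadata path while sending a Host header for the metadata service's address; a reverse proxy that forwards to whatever Host names would return the instance's metadata. The script below parses a raw HTTP response and tells a real leak (a 200 whose body is a metadata directory listing) apart from a redirect like the 301 in the post, and can send the spoofed-Host request itself without following redirects. The address 169.254.169.254, the path, the indicator strings and the sample responses are assumptions constructed for the example; the 301 is the one pasted above with a placeholder body.

```python
"""Reproduce the check behind ZAP's cloud-metadata rule and classify the result.

Added example for the thread; not ZAP's code and not the scanned site's code.
"""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field

# Assumed (not from the thread): link-local address used by the major cloud
# metadata services, and the EC2-style path the ZAP finding pointed at.
METADATA_HOST = "169.254.169.254"
METADATA_PATH = "/latest/meta-data/"

# Entries an EC2 metadata directory listing contains. Two or more of them in
# a 200 body is treated as a leak; a single hit could be coincidence.
INDICATORS = ("ami-id", "instance-id", "instance-type", "local-ipv4",
              "public-keys", "iam/", "security-credentials")


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_raw_response(raw: str) -> Response:
    """Parse a raw HTTP/1.x response: status line, headers, blank line, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Response(status, headers, body)


def classify(resp: Response) -> str:
    """'exposed' for a metadata listing, 'redirect' for any 3xx, else 'not-exposed'."""
    if 300 <= resp.status < 400:
        return "redirect"          # nothing was served; nginx just redirected
    if resp.status == 200:
        hits = [i for i in INDICATORS if i in resp.body]
        if len(hits) >= 2:
            return "exposed"
    return "not-exposed"


def probe(base_url: str, host: str = METADATA_HOST,
          path: str = METADATA_PATH) -> Response:
    """Send the spoofed-Host request and return the response without following 3xx."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # raise HTTPError for 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + path, headers={"Host": host})
    try:
        with opener.open(req, timeout=10) as r:
            return Response(r.status, {k.lower(): v for k, v in r.headers.items()},
                            r.read().decode(errors="replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, {k.lower(): v for k, v in e.headers.items()},
                        e.read().decode(errors="replace"))


# The response from the first post, reconstructed as raw HTTP; the 162-byte body
# was not pasted, so a constructed placeholder stands in for it.
RAW_301 = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: nginx\r\n"
    "Date: Wed, 01 Nov 2023 10:10:17 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 162\r\n"
    "Connection: keep-alive\r\n"
    "Location: https://examplesite.com/latest/meta-data/\r\n"
    "Strict-Transport-Security: max-age=63072000\r\n"
    "\r\n"
    "<html><head><title>301 Moved Permanently</title></head></html>"
)

# Constructed: what a genuine leak looks like (an EC2 metadata directory listing).
RAW_LEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
            "ami-id\nhostname\niam/\ninstance-id\nlocal-ipv4\n")

# Constructed: a site that serves its normal page for unknown paths.
RAW_PAGE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            "<html><body>Welcome</body></html>")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # usage: python probe_metadata.py https://www.mysite.com
        print(classify(probe(sys.argv[1])))
    else:
        for raw in (RAW_301, RAW_LEAK, RAW_PAGE):
            print(classify(parse_raw_response(raw)))
```

A 301 only says the plain-HTTP request was bounced to HTTPS, which is exactly what the Strict-Transport-Security header suggests the server does for everything. To close the finding, run `probe()` against the `Location` target (the HTTPS URL) with the same spoofed Host; if that also comes back as anything other than a 200 listing, the site never served metadata and the low-confidence alert is a false positive.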

Results from off-the-shelf penetration test software are mostly garbage and it’s a waste of everyone’s time to explain every single false positive.

If you find an actual security issue with reproducible steps please report at HackerOne.


Thank you for the reply.

Are there any recommended pen testing software/websites?

I noticed the one you mentioned, HackerOne, also does pen testing as a service. Is it owned by, or linked/affiliated with, Discourse or any of the team members?

We pay for HackerOne to handle our security reports and triage bogus reports, like those from pen testing software. There is no affiliation between CDCK and H1.


Thank you for the prompt reply.