These are from ZAP pen testing software in attack mode. I see it says confidence is low and the output response says HTTP/1.1 301 Moved Permanently, so hope everything is alright?
1. Cloud metadata potentially exposed
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Nov 2023 10:10:17 GMT
2. Hidden file found
What other tests can I do to get confirmation?
Results from off-the-shelf penetration test software are mostly garbage and it’s a waste of everyone’s time to explain every single false positive.
If you find an actual security issue with reproducible steps, please report it at HackerOne.
Thank you for the reply.
Is there any recommended pen testing software/websites?
I noticed the one you mentioned
HackerOne also does pen testing as a service. Is it owned by or linked/affiliated to Discourse or any of the team members?
We pay for HackerOne to handle our security reports and triage bogus reports, like those from pen testing software. There is no affiliation between CDCK and H1.
Thank you for the prompt reply.