Forced Browsing
Forced Browsing is a security check in which the web vulnerability scanner attempts to enumerate and access resources that are not linked from the web application but are still reachable. If resources such as backup files and admin portals are discovered, they could help an attacker craft an attack against your website. Note that some sites drop the current user session, or redirect to the login page, when a non-existent resource is requested, which can affect how the check behaves during an authenticated scan.
The Forced Browsing attacks in Acunetix 360 are handled by the Resource Finder module.
The Forced Browsing check is enabled by default.
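As an added defender-side illustration (not part of the Acunetix 360 documentation or product), the following Python snippet shows what a wordlist-driven forced-browsing check looks like in a web server access log and how to flag it: one client requesting many distinct unlinked paths that answer 404, with any 200 responses from that client marking unlinked resources that actually exist and deserve review. The log lines, paths and IP addresses are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /backup.zip HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/config HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /old/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /phpinfo.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /config.bak HTTP/1.1" 404 153
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:55:41 +0000] "GET /about HTTP/1.1" 200 1024
198.51.100.4 - - [10/Oct/2023:13:55:42 +0000] "GET /missing.png HTTP/1.1" 404 153
"""

# client, method, path, status from a combined-log-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def parse_line(line):
    """Return (ip, method, path, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return ip, method, path, int(status)


def find_forced_browsing(log_text, min_misses=5):
    """Flag clients that requested at least min_misses distinct paths answered 404.

    Returns {client_ip: (sorted 404 paths, sorted 200 paths)}. The 200 paths of a
    flagged client are the candidates for unlinked-but-reachable resources
    (backup files, admin portals) that the probing actually found.
    """
    misses = defaultdict(set)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole scan
        ip, _method, path, status = rec
        if status == 404:
            misses[ip].add(path)
        elif status == 200:
            hits[ip].add(path)
    return {ip: (sorted(paths), sorted(hits[ip]))
            for ip, paths in misses.items() if len(paths) >= min_misses}
```

Tune `min_misses` to the normal 404 rate of the site; a single missing image from a regular visitor (as in the second client above) should not trip the check.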
How to Disable the Forced Browsing Security Check in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, select Policies > New Scan Policy.
- Select Security Checks, then the Resource Finder drop-down.
- Deselect the Forced Browsing checkbox. (You can also specify a Resource Finder Limit.)
- Click Save.
You can customize the list of keywords used for forced browsing. To do so, either edit the existing list that Netsparker Enterprise ships with or replace it.
- From the main menu, select Policies > New Scan Policy.
- Select Security Checks, then the Resource Finder drop-down.
- In the Wordlist Entries field, enter new entries and/or edit the existing entries.
- Select Save.