Forced Browsing (Common Directories) is a security check in which the web vulnerability scanner attempts to enumerate and access resources that are not linked from the web application but are still reachable. If resources such as backup files and admin portals are discovered, an attacker could use them to craft an attack against your website. Because the check requests many resources that may not exist, note that some sites drop the current user session, or redirect you to the login page, when a non-existing resource is requested.
The Forced Browsing attacks in Acunetix 360 are handled by the Resource Finder module.
The Common Directories check is enabled by default.
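The check described above looks, from the server side, like a burst of requests for unlinked paths, most of which return 404 and a few of which succeed. The following script is an added example, not part of this page or of Acunetix 360: it parses constructed web-server access-log lines in Combined Log Format and flags any client that produces many 404 misses in a short window, reporting alongside it any successful responses for paths that look like backup files or admin areas (that is, the cases where forced browsing actually found something exposed). The log lines, the path patterns and the thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (Combined Log Format); not real traffic.
# 203.0.113.7 probes several unlinked directories and then retrieves a backup file.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /backup/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /.git/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /old/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET /config.bak HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /products HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [timestamp] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed patterns for paths that should never be served in production:
# backup/old copies, admin areas and dot-directories that leak source or secrets.
SUSPICIOUS_PATH = re.compile(
    r'(\.bak$|\.old$|\.orig$|/backup|/admin|/\.git|/\.env|/old/)', re.IGNORECASE
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def max_misses_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window of the given length."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_forced_browsing(log_text, window_seconds=60, miss_threshold=4):
    """Return {ip: {"peak_misses": n, "exposed": [paths]}} for clients that look like
    forced-browsing scanners: at least miss_threshold 404s within window_seconds.
    "exposed" lists 2xx responses for suspicious-looking paths from the same client."""
    window = timedelta(seconds=window_seconds)
    misses = defaultdict(list)
    exposed = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == 404:
            misses[rec["ip"]].append(rec["ts"])
        elif 200 <= rec["status"] < 300 and SUSPICIOUS_PATH.search(rec["path"]):
            exposed[rec["ip"]].append(rec["path"])
    alerts = {}
    for ip, times in misses.items():
        peak = max_misses_in_window(times, window)
        if peak >= miss_threshold:
            alerts[ip] = {"peak_misses": peak, "exposed": exposed.get(ip, [])}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_forced_browsing(SAMPLE_LOG).items():
        print(f"{ip}: {info['peak_misses']} misses in window; exposed: {info['exposed']}")
```

The threshold of four 404s per minute is deliberately low so the constructed sample triggers; on a real site, tune it against the normal miss rate (broken links, favicon requests) and treat the "exposed" list as the actionable part, since a served backup file is exactly the kind of resource the check is designed to surface.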
How to Disable the Common Directories Security Check in Acunetix 360
- Log in to Acunetix 360.
- Click Policies, then New Scan Policy. The New Scan Policy window is displayed.
- Click Security Checks.
- Click the Resource Finder dropdown.
- Deselect the Common Directories checkbox. (You can also specify a Resource Finder Limit.)
- Click Save.