Forced Browsing


The application allows users to browse to resources that are not properly protected. Attackers may forcefully browse the application in order to uncover hidden resources. In other cases, an analysis of the platform or infrastructure may give attackers clues about how to find additional resources. This vulnerability is often the result of relying on security by obscurity or of not properly implementing authorization rules.
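The difference between hiding a resource and authorizing access to it, shown as an added example that is not part of the original page. The route table, paths, roles and handler names are constructed for illustration; the audit function requests every route as every role and reports what is served against policy.

```python
# Constructed route table: path -> (content, roles allowed to read it).
# Paths, roles and content are hypothetical sample data.
ROUTES = {
    "/": ("home", {"anonymous", "user", "admin"}),
    "/account": ("account page", {"user", "admin"}),
    "/admin/export": ("customer export", {"admin"}),
    "/backup/db.sql": ("database dump", None),  # no policy was ever defined
}

def handle_obscurity(path, role):
    """'Before': any path that exists is served; the only protection is
    that the UI never links to it."""
    if path not in ROUTES:
        return 404
    return 200

def handle_authorized(path, role):
    """'After': authorization is checked at the resource on every request,
    and a route with no policy is denied by default."""
    if path not in ROUTES:
        return 404
    _, allowed = ROUTES[path]
    if allowed is None or role not in allowed:
        # 401 asks an anonymous caller to log in; 403 refuses a known one.
        return 401 if role == "anonymous" else 403
    return 200

def audit(handler, roles=("anonymous", "user", "admin")):
    """Request every route as every role and return the (path, role) pairs
    that were served although the policy does not permit them."""
    findings = []
    for path, (_, allowed) in sorted(ROUTES.items()):
        for role in roles:
            permitted = allowed is not None and role in allowed
            if handler(path, role) == 200 and not permitted:
                findings.append((path, role))
    return findings

if __name__ == "__main__":
    print("obscurity :", audit(handle_obscurity))
    print("authorized:", audit(handle_authorized))
```

Running the same audit against a staging deployment's real route list, one request per role, is a direct regression test for this finding.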

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


