====== Directory Scanning Attack ======

An attempt to scan and discern the layout or file structure of a web site or application for further attacks.

===== Exploited Vulnerability =====

  * [[security:risk:common_file_name|Common file name]]
  * [[security:risk:data_in_web_root|Sensitive data in web root]]
  * [[security:risk:online_backup|Online (in web root) backup]]
  * [[security:risk:web_application_fingerprint|Application fingerprinting]]

===== Remedy ====

Choose a non-obvious, non-trivial, or hard to guess file layout structure.

===== Additional information. =====

  * See [[security:web application security]] and [[catalog|security attacks catalog]].