SECURITY MISCONFIGURATION

Feature Value
Type Protection
Risk OWASP A6
Covered by Agent/Library

An attacker may access default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain information or unauthorized access to the system.

More information

How to solve it

The information flow control system implemented by Hdiv allows control of the resources (links and forms) exposed by the application, and prevents breaking the original contract from the server. In other words, even when the programmer does not use access control systems or ACL (Java EE or Spring Security) Hdiv is able to identify which resource is legally accessible by each user.