Certified Application Security Engineer – Java (CASE-Java) — Question 4
Alice, a security engineer, was performing security testing on the application. She found that users can view the website structure and file names. As per standard security practices, this poses a serious security risk, as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?
Answer options
- A. `<init-param><param-name>directory-listings</param-name><param-value>true</param-value></init-param>`
- B. `<init-param><param-name>directory-listings</param-name><param-value>false</param-value></init-param>`
- C. `<init-param><param-name>listings</param-name><param-value>true</param-value></init-param>`
- D. `<init-param><param-name>listings</param-name><param-value>false</param-value></init-param>`
Correct answer: B
Explanation
The correct answer is B, as setting directory-listings to false prevents users from viewing the directory structure and file names, thus mitigating the risk of unauthorized access to hidden script files. Options A and C enable directory listings, which increases the security risk, while option D does not specify the correct parameter for controlling directory access and may not provide the intended protection.