Sensitive Files Exposure Assertion

The Sensitive Files Exposure assertion checks whether ReadyAPI can access sensitive files by examining the HTTP status code the server returns. The list of sensitive files is specified in the configuration of the Sensitive Files Exposure security scan.

The security scan works by replacing parts of the resource path with the file paths specified in the scan configuration. The assertion result depends on the status codes specified in the assertion configuration as comma-separated lists.

Sensitive Files Exposure Assertion: Scan results

Availability

The assertion is available only in security tests. Use this assertion with the Sensitive Files Exposure security scan.

Create an assertion

Follow these steps:

  1. Open a security test.

  2. Click Response Assertion next to the Sensitive Files Exposure scan.

  3. Click Plus in the Assertions panel.

In the New Assertions dialog, search for the Sensitive Files Exposure assertion or select it manually in the Security category.

Configuration

Sensitive Files Exposure Assertion: Configure the assertion
  • The assertion fails if the server returns one of the status codes specified in the Error codes field (default value: 200).

  • The assertion returns a warning if the server returns one of the status codes specified in the Warning codes field (default value: 401,403).
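
The following Python sketch is an added example, not ReadyAPI code: it models how the comma-separated Error codes and Warning codes fields decide the outcome for each substituted path. The function names, the trailing-segment substitution rule, the precedence of error codes over warning codes, and the sample file name and statuses are assumptions made for illustration.

```python
# Added illustration; not ReadyAPI code. Names and sample data are constructed.

def parse_codes(field):
    """Parse a comma-separated status code field such as "401,403"."""
    codes = set()
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate trailing commas and blank entries
        code = int(item)  # raises ValueError on non-numeric entries
        if not 100 <= code <= 599:
            raise ValueError(f"not an HTTP status code: {code}")
        codes.add(code)
    return codes


def candidate_paths(resource_path, sensitive_files):
    """Assumed substitution rule: replace each trailing part of the path."""
    parts = [p for p in resource_path.split("/") if p]
    paths = []
    for keep in range(len(parts) - 1, -1, -1):
        prefix = "/".join(parts[:keep])
        for name in sensitive_files:
            paths.append("/" + "/".join(x for x in (prefix, name.lstrip("/")) if x))
    return paths


def classify(status, error_codes, warning_codes):
    """Error codes fail the assertion, warning codes warn, anything else passes."""
    if status in error_codes:  # assumption: error codes win if listed in both
        return "FAIL"
    if status in warning_codes:
        return "WARNING"
    return "PASS"


def evaluate(responses, error_field="200", warning_field="401,403"):
    """Map each (path, status) pair to its assertion outcome."""
    errors, warnings = parse_codes(error_field), parse_codes(warning_field)
    return {path: classify(status, errors, warnings) for path, status in responses}


# Constructed sample: statuses a server might return for the generated paths.
SAMPLE_PATHS = candidate_paths("/api/v1/users", ["backup.sql"])
SAMPLE_RESPONSES = list(zip(SAMPLE_PATHS, [404, 403, 200]))
RESULTS = evaluate(SAMPLE_RESPONSES)
```

With the default fields, a 200 response means the server served the file and fails the assertion, while 401 or 403 shows the path exists but is access-controlled and only raises a warning.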
