The Sensitive Files Exposure assertion checks whether ReadyAPI can access sensitive files by examining the HTTP status code returned by the server. The list of sensitive files is provided in the configuration of the Sensitive Files Exposure security scan.
The security scan works by replacing parts of the resource path with the file paths specified in the scan configuration. The assertion fails if the server returns the 200 OK status code. If the status code is informative (403), the assertion will return a warning.
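A sketch of the check described above, as an added example rather than ReadyAPI's own code. It assumes the scan swaps trailing segments of the resource path for each configured file path and that any status other than 200 or 403 passes; the function names, file list and status table are constructed for illustration.

```python
from enum import Enum
from typing import Callable, Dict, Iterable, List


class Verdict(Enum):
    PASS = 0
    WARNING = 1
    FAIL = 2


def candidate_paths(resource_path: str, sensitive_files: Iterable[str]) -> List[str]:
    """Assumed mutation: replace the trailing 1..n path segments with each file path."""
    segments = [s for s in resource_path.split("/") if s]
    files = [f.lstrip("/") for f in sensitive_files]
    paths: List[str] = []
    for keep in range(len(segments) - 1, -1, -1):
        prefix = "/".join(segments[:keep])
        for name in files:
            path = "/" + "/".join(part for part in (prefix, name) if part)
            if path not in paths:
                paths.append(path)
    return paths


def classify(status: int) -> Verdict:
    """200 means the file was served (fail); 403 means it exists but is denied (warning)."""
    if status == 200:
        return Verdict.FAIL
    if status == 403:
        return Verdict.WARNING
    return Verdict.PASS  # assumption: all other codes are treated as a pass


def run_assertion(resource_path: str, sensitive_files: Iterable[str],
                  get_status: Callable[[str], int]) -> Dict[str, Verdict]:
    """Classify the response status for every candidate path."""
    return {p: classify(get_status(p)) for p in candidate_paths(resource_path, sensitive_files)}


def overall(results: Dict[str, Verdict]) -> Verdict:
    """The worst single result decides the outcome of the whole assertion."""
    return max(results.values(), key=lambda v: v.value, default=Verdict.PASS)


# Constructed responses from a service under test; unlisted paths answer 404.
CONSTRUCTED_STATUSES = {"/api/v1/.env": 403, "/.env": 200}

if __name__ == "__main__":
    report = run_assertion("/api/v1/users", [".env", "WEB-INF/web.xml"],
                           lambda p: CONSTRUCTED_STATUSES.get(p, 404))
    for path, verdict in report.items():
        print(f"{verdict.name:8} {path}")
    print("overall:", overall(report).name)
```

Passing `get_status` as a callable keeps the verdict logic testable offline; in a real check it would wrap an HTTP client pointed at a service you are responsible for testing.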
Create an assertion
Follow these steps:
1. Open a security test.
2. Click Response Assertion next to the Sensitive Files Exposure scan.
3. Click in the Assertions panel.
4. In the New Assertions dialog, search for the Sensitive Files Exposure assertion or select it manually in the Security category.
Other Security Assertions
Add more assertions to ensure the security of the tested service: