Sensitive Files Exposure Assertion

Applies to ReadyAPI 3.10, last modified on October 07, 2021

The Sensitive Files Exposure assertion checks whether ReadyAPI can access sensitive files by checking the HTTP status code it has got from the server. The list of sensitive files is provided in the configuration of the Sensitive Files Exposure security scan.

The security scan works by replacing parts of the resource path by the file paths specified in the scan configuration. The assertion fails if the server returns the 200 OK status code. If the status code is informative (401 or 403), the assertion will return a warning.

Sensitive Files Exposure Assertion: Scan results

Click the image to enlarge it.


The assertion is available only in security tests. Use this assertion with the Sensitive Files Exposure security scan.

Create an assertion

Follow these steps:

Security tests: The Assertions panel

Click the image to enlarge it.

  1. Open a security test.

  2. Click Response Assertion next to the Sensitive Files Exposure scan.

  3. Click in the Assertions panel

In the New Assertions dialog, search for the Sensitive Files Exposure assertion or select it manually in the Security category.

See Also

Security Assertions
Weak Password Assertion
Sensitive Information Exposure Assertion
Cross Site Scripting Assertion
Basic Authorization Assertion

Highlight search results