Summary

  • The PortSwigger Web Security Academy is a valuable resource for learning about web security and penetration testing; its “Source Code Disclosure via Backup Files” lab teaches users to identify and access sensitive information that may be exposed in backup files on a web server.
  • The lab has users work with proxy tools such as FoxyProxy and Burp Suite to capture and analyse traffic to the target website, then use the information in the site map to explore the target website's URL structure and discover sensitive files.
  • The user then applies what is found in the lab scenario to discover a hard-coded password and submit it to complete the lab.
  • The lab is therefore a good introduction to the importance of source code security and to the risks of exposing source code and sensitive data via backup files. Completing it calls on a range of skills, including the use of proxies, manual exploration, and analysis of source code and database passwords.
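The defensive counterpart to what the lab demonstrates is to make sure backup copies of source never reach a served directory in the first place. The script below is an added example, not code from the original article or from PortSwigger: it walks a deployment directory, flags filenames that look like editor or deployment backups, and reports lines in those files that look like hard-coded credentials. The filename patterns, the credential heuristic, and the sample files built by `demo()` are all assumptions constructed for this example.

```python
"""Pre-deployment check for backup files left in a web root.

Added example (not part of the original article or the PortSwigger lab).
Backup copies of source files (index.php~, app.py.bak, site.zip) are served
as plain static files by most web servers, which is exactly how source
code and the secrets inside it get disclosed.
"""
import re
import tempfile
from pathlib import Path

# Filename patterns that commonly indicate a backup copy of a file.
# Assumed set; extend it to match your own tooling and editors.
BACKUP_PATTERNS = [
    re.compile(r".*\.(bak|old|orig|save|swp|tmp|copy)$", re.IGNORECASE),
    re.compile(r".*~$"),                                    # editor backup: index.php~
    re.compile(r"^\.#.*"),                                  # Emacs lock/backup files
    re.compile(r".*\.(tar|zip|tgz|gz|7z)$", re.IGNORECASE),  # archived snapshots
]

# Crude heuristic for a secret assigned as a string literal, e.g.
#   $db_password = "...";   or   api_key: '...'
# Constructed for this example; expect false positives and review by hand.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(password|passwd|pwd|secret|api_key|token)\w*\s*[=:]\s*['"][^'"]{4,}['"]"""
)


def looks_like_backup(name: str) -> bool:
    """True if the bare filename matches any backup pattern."""
    return any(p.match(name) for p in BACKUP_PATTERNS)


def scan_webroot(root) -> list:
    """Return (kind, relative_path, line_no) findings for a directory tree.

    kind is 'backup-file' (line_no is None) or 'hardcoded-secret'.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if looks_like_backup(path.name):
            findings.append(("backup-file", rel, None))
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: nothing to inspect
        for line_no, line in enumerate(text.splitlines(), 1):
            if SECRET_ASSIGNMENT.search(line):
                findings.append(("hardcoded-secret", rel, line_no))
    return findings


def demo() -> list:
    """Build a constructed sample web root in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "css").mkdir()
    (root / "index.php").write_text('<?php echo "hello"; ?>\n')
    (root / "css" / "style.css").write_text("body { margin: 0; }\n")
    # An editor backup that still carries a credential (constructed value).
    (root / "index.php~").write_text('$db_password = "s3cr3t-example";\n')
    # A stale archive of the site, written with a zip magic header only.
    (root / "site-backup.zip").write_bytes(b"PK\x03\x04")
    return scan_webroot(root)


if __name__ == "__main__":
    for kind, rel, line_no in demo():
        where = f"{rel}:{line_no}" if line_no else rel
        print(f"{kind:17} {where}")
```

Run it as a CI step against the directory you are about to publish and fail the build on any finding; the complementary control is to configure the web server itself to refuse requests for these extensions, so a file that slips through is still not disclosed.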

By Nikhil Bhandari
