CAPEC-87: Forceful Browsing
ID: CAPEC-87
Typical Severity: High
Likelihood Of Attack: High
Status: Draft
An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.
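The difference between hiding links and enforcing access in the front controller, as an added example that is not part of the CAPEC entry. The route table, role names and function names are constructed for illustration.

```python
import posixpath
from typing import Callable, Dict, FrozenSet, NamedTuple, Optional, Tuple

class Route(NamedTuple):
    handler: Callable[[], str]
    roles: FrozenSet[str]  # roles allowed to call the handler; "*" = public

# Constructed route table for illustration.
ROUTES: Dict[str, Route] = {
    "/": Route(lambda: "home", frozenset({"*"})),
    "/account": Route(lambda: "account", frozenset({"user", "admin"})),
    "/admin/users": Route(lambda: "user management", frozenset({"admin"})),
}

def normalize(path: str) -> str:
    """Canonicalize so the authorization check and the lookup use one form."""
    return posixpath.normpath("/" + path.split("?", 1)[0].lstrip("/"))

def menu_for(role: Optional[str]) -> list:
    """Links shown to a role. Hiding a link is presentation, not access control."""
    return [p for p, r in ROUTES.items() if "*" in r.roles or role in r.roles]

def dispatch_weak(path: str, role: Optional[str]) -> Tuple[int, str]:
    """Improperly protected: relies on menu_for() hiding links, checks nothing."""
    route = ROUTES.get(normalize(path))
    return (200, route.handler()) if route else (404, "not found")

def dispatch(path: str, role: Optional[str]) -> Tuple[int, str]:
    """Front controller: every request is authorized here, deny by default.
    `role` must come from the server-side session, never from the request."""
    route = ROUTES.get(normalize(path))
    if route is None:
        return 404, "not found"          # unregistered paths are never served
    if "*" in route.roles:
        return 200, route.handler()
    if role is None:
        return 401, "authentication required"
    if role not in route.roles:
        return 403, "forbidden"
    return 200, route.handler()
```

With `dispatch_weak`, a directly entered `/admin/users` is served to any caller even though `menu_for` never shows the link; `dispatch` rejects the same request because the check runs on every path, after normalization.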
Weaknesses
Taxonomy Mapping
Type | ID | Name |
---|---|---|
WASC | 34 | Predictable Resource Location |
OWASP Attacks | | Forced browsing |