rizvinazish wrote:
Tue Mar 31, 2020 6:17 am
I got the following issues from my security department.
Unrestricted API Access/User Enumeration
And what can they do once they know how many users or files exist? It also seems to me that the number of users is available in online statistics, so there is no need to make much effort. Certain techniques only serve to understand how interesting an eventual attack could be, which would surely fail anyway.
An attacker can use enumeration methods to get a picture of whether or how a target can respond to system hacking activities. Uncovering information on whether or how a defender can respond will allow the attacker to modify their attack accordingly to make their activity more productive.