Forced Browsing

Forced Browsing is a security check in which the web vulnerability scanner attempts to enumerate and access resources that are not linked from the web application but are still accessible. If resources such as backup files and admin portals are discovered, they could help an attacker craft an attack against your website.

Some sites may drop the current user session, or redirect you to the login page, when you request a non-existent resource.

The Forced Browsing attacks in Netsparker are handled by the Resource Finder module.

The Forced Browsing check is enabled by default.
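
From the defender's side, a forced-browsing pass appears in access logs as one client requesting many paths the site never links to. The following added example (not part of Netsparker or its documentation) flags such clients in constructed sample log lines; the linked-path set, the threshold, and counting a 302 as a miss (for sites that redirect to the login page) are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.4 - - [10/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.4 - - [10/Mar/2024:10:00:02 +0000] "GET /products HTTP/1.1" 200 8041
198.51.100.4 - - [10/Mar/2024:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:01 +0000] "GET /backup.zip HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:01 +0000] "GET /admin/ HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /old/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php.bak HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:03 +0000] "GET /test/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:03 +0000] "GET /.git/config HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:01:04 +0000] "GET /db.sql?x=1 HTTP/1.1" 200 90211
"""
LINKED_PATHS = {"/", "/products", "/login"}  # assumption: from your own crawl or sitemap
MISS_STATUSES = {"404", "302"}  # 302 assumed to mean "redirected to login" for unlinked paths
MIN_DISTINCT_MISSES = 5         # hypothetical threshold; tune per site

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def find_forced_browsing(log_text, linked_paths, min_misses=MIN_DISTINCT_MISSES):
    """Return {client: {"misses": n, "exposed": [...]}} for clients probing unlinked paths."""
    misses, hits = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not GET/HEAD requests in the expected format
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if path in linked_paths:
            continue  # linked resources are normal browsing
        if status in MISS_STATUSES:
            misses[client].add(path)
        elif status == "200":
            hits[client].add(path)  # unlinked but served
    return {c: {"misses": len(p), "exposed": sorted(hits[c])}
            for c, p in misses.items() if len(p) >= min_misses}

if __name__ == "__main__":
    for client, info in find_forced_browsing(SAMPLE_LOG, LINKED_PATHS).items():
        print(client, info)
```

Paths listed under `exposed` are unlinked resources the server actually returned, so they are the ones to review first.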

How to Disable the Forced Browsing Security Check in Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Policies > New Scan Policy.
  3. Select Security Checks, then the Resource Finder drop-down.

Forced Browsing in Netsparker Enterprise

  4. Deselect the Forced Browsing checkbox. (You can also specify a Resource Finder Limit.)
  5. Select Save.

You can customize a list of keywords for forced browsing. To do so, you can either update the existing list that Netsparker Enterprise has or replace it.

  1. From the main menu, select Policies > New Scan Policy.
  2. Select Security Checks, then the Resource Finder drop-down.
  3. In the Wordlist Entries field, enter new entries and/or edit the existing entries.
  4. Select Save.

You can also take similar actions in Netsparker Standard.

How to Disable the Forced Browsing Security Check in Netsparker Standard
  1. Open Netsparker Standard.
  2. Select Scan Policy Editor in the Home tab.
  3. Select Security Checks, then the Resource Finder drop-down.

Forced Browsing in Netsparker Standard

  4. Deselect the Forced Browsing checkbox. (You can also specify a Resource Finder Limit.)
  5. Select OK.

You can customize a list of keywords for forced browsing. To do so, you can either update the existing list that Netsparker has or replace it.

How to Add Your Own Forced Browsing Keyword List in Netsparker Standard
  1. Open Netsparker Standard.
  2. From the Home tab, select Scan Policy Editor.
  3. Select Security Checks, then the Resource Finder drop-down.
  4. Select Forced Browsing.
  5. Select the ellipsis in the Wordlist Entries field to edit the list.

You can edit Wordlist Entries in Netsparker Standard

  6. In the String Collection Editor, enter the relevant strings.
  7. Select OK.
