Django Default Homepage Enabled
Detects the misconfiguration in which the Django default homepage is enabled, which exposes sensitive information and indicates a potential security risk.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the APIs to be tested. In this case, the filters include the response code range (between 200 and 299) and the extraction of the URL variable.
The execute section defines the type of request to be executed. In this template, it is set to "single", indicating that a single request will be made. The request is modified using the "modify_url" action, which changes the request URL based on the extracted URL variable.
The validation section specifies the validation criteria for the response payload. In this template, the response payload is checked for the string "The install worked successfully! Congratulations!". A match shows that the default homepage is enabled, which indicates a potential security risk.
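The three stages described above, written out in Python as an added example; it is not the template itself or the testing tool's own code. The traffic record layout, the `fetch` callable, the `example.test` hosts and the choice of the site root as the modified URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Marker string quoted on this page.
MARKER = "The install worked successfully! Congratulations!"

def select_apis(traffic):
    """API selection filter: keep 2xx responses and extract each URL."""
    return [rec["url"] for rec in traffic if 200 <= rec["status"] <= 299]

def modify_url(url):
    """Assumption: the rewritten URL is the site root of the extracted URL."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, "/", "", ""))

def validate(body):
    """Validation: the response payload must contain the marker string."""
    return MARKER in body

def run_test(traffic, fetch):
    """One request per distinct target (deduplication is added here)."""
    findings, seen = [], set()
    for url in select_apis(traffic):
        target = modify_url(url)
        if target in seen:
            continue
        seen.add(target)
        _status, body = fetch(target)
        if validate(body):
            findings.append(target)
    return findings

# Constructed sample data, so the example runs offline.
SAMPLE_TRAFFIC = [
    {"url": "https://app.example.test/api/users/1", "status": 200},
    {"url": "https://app.example.test/api/orders", "status": 201},
    {"url": "https://shop.example.test/api/cart", "status": 204},
    {"url": "https://old.example.test/api/ping", "status": 500},
]
SAMPLE_PAGES = {
    "https://app.example.test/": (200, "<title>" + MARKER + "</title>"),
    "https://shop.example.test/": (200, "<h1>Shop</h1>"),
    "https://old.example.test/": (200, "<h1>" + MARKER + "</h1>"),
}

def fake_fetch(url):
    """Stand-in for an HTTP client; returns (status, body)."""
    return SAMPLE_PAGES.get(url, (404, ""))

if __name__ == "__main__":
    print(run_test(SAMPLE_TRAFFIC, fake_fetch))
```

The `old.example.test` host serves the default page in the sample data but is never requested, because its only recorded API returned a 500 and was dropped by the selection filter.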
Frequently asked questions
What is the purpose of the Django Default Homepage Enabled test?
How does the test determine if the default homepage is enabled?
What information can be exposed if the default homepage is accessible?
What category and severity level does this misconfiguration fall under?
Why is it crucial to disable the default homepage in production environments?
Are there any references or resources available for further information on this test?