Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
web.xml
Java Web Application Deployment Descriptor
What an attacker could do
The Java deployment descriptor exposes servlet mappings, security constraints, and sometimes credentials or internal endpoints, helping an attacker enumerate hidden functionality and bypass access controls.
How to defend it
Ensure the WEB-INF directory remains protected by the servlet container (it is non-served by spec) and remove any credentials from the descriptor, storing them in JNDI or environment variables.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation