Hello...
I have finally, finally managed to put WAMP Server 3.2.6 64 bit on line and I can access the website that I'm hosting via https over the public internet. I have current security certificates from Let's Encrypt via certbot and to tell you the honest truth, I'm feeling pretty good about myself.
I was doing some superficial security checking and I discovered that I could access two files through the Microsoft Edge web browser, Composer.json and composer.lock and that I could manipulate the contents of these two files and that's no good. What I did was to edit the properties of these two files by way of the file's properties. By denying all access to Users and Authenticated Users I was able to deny access to the composer.json file but not the composer.lock file.
My question is how do I deny access to the composer.lock file.
Later I'll be attempting to attack the website using more sophisticated penetration tools that are native to the Kali Linux OS. Oh, the places you'll go and the things that you'll see and do! But I thought that it would be good to secure the website from elementary attacks. If you have any insight concerning this issue I would appreciate hearing what you have to say.
Thank you in advance for your kind attention in this matter and the very best regards...
I have finally, finally managed to put WAMP Server 3.2.6 64 bit on line and I can access the website that I'm hosting via https over the public internet. I have current security certificates from Let's Encrypt via certbot and to tell you the honest truth, I'm feeling pretty good about myself.
I was doing some superficial security checking and I discovered that I could access two files through the Microsoft Edge web browser, Composer.json and composer.lock and that I could manipulate the contents of these two files and that's no good. What I did was to edit the properties of these two files by way of the file's properties. By denying all access to Users and Authenticated Users I was able to deny access to the composer.json file but not the composer.lock file.
My question is how do I deny access to the composer.lock file.
Later I'll be attempting to attack the website using more sophisticated penetration tools that are native to the Kali Linux OS. Oh, the places you'll go and the things that you'll see and do! But I thought that it would be good to secure the website from elementary attacks. If you have any insight concerning this issue I would appreciate hearing what you have to say.
Thank you in advance for your kind attention in this matter and the very best regards...