V-002 - HTTP Exposure Probing
Related Risk
Target Controls
Objective
Validate that exposed services are properly controlled and that unexpected access attempts are visible.
Description
Simulate probing of exposed HTTP services to identify unintended exposure or weak filtering.
Execution Method
- access known public endpoints
- attempt access to non-existent or sensitive paths (e.g. /admin, /internal)
- send malformed or unexpected HTTP requests
Expected Outcome
- requests are logged by the reverse proxy
- no unintended access to internal services
- error responses returned (403 / 404)
Observed Outcome
(To be filled)
Detection Result
(To be filled)
Conclusion
(To be filled)
Evidence
- Nginx access logs
- HTTP response codes
Notes
- no WAF in place
- detection currently limited to logs
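
One way to check the Expected Outcome against the Nginx access log evidence, given that detection is limited to logs. This is an added example, not part of the original test case. It assumes Nginx's default "combined" log format; the function name, the path list and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Nginx default "combined" format (assumption; adapt if log_format is customised).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Path prefixes named in the test case; extend per environment.
SENSITIVE_PREFIXES = ("/admin", "/internal")
EXPECTED_DENY = {403, 404}

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:01:03 +0000] "GET /admin HTTP/1.1" 403 153 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:01:04 +0000] "GET /internal/status HTTP/1.1" 200 87 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:01:05 +0000] "GET /nope HTTP/1.1" 404 153 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:01:06 +0000] "\\x16\\x03\\x01" 400 157 "-" "-"',
]


def review(lines):
    """Classify access-log lines against the V-002 expected outcome."""
    findings = {"unintended_access": [], "malformed": [], "unparsed": []}
    status_counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            findings["unparsed"].append(line)  # format drift hides evidence
            continue
        status = int(m["status"])
        status_counts[status] += 1
        parts = m["request"].split(" ")
        # A well-formed request line is "METHOD target HTTP/x.y".
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            findings["malformed"].append((m["ip"], m["request"], status))
            continue
        path = parts[1].split("?", 1)[0].lower()
        # Sensitive path answered with anything other than 403/404 is a finding.
        if path.startswith(SENSITIVE_PREFIXES) and status not in EXPECTED_DENY:
            findings["unintended_access"].append((m["ip"], parts[1], status))
    return findings, status_counts


if __name__ == "__main__":
    findings, counts = review(SAMPLE)
    print(dict(counts))
    print(findings)
```

An empty unintended_access list together with log entries for every probe sent supports the Expected Outcome; probes missing from the log mean the "requests are logged" criterion failed.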