- Method naming: The method names leak implementation details and the underlying technology used. Hackers could use this when planning attacks. For example, a method named “doElasticSearch” shows that ElasticSearch is used for the search.
- File naming: The file names reflect the models and their related structure/relationships. This may not be the best way of naming the files, because hackers could use this information.
- Access permissions: All of the assets could be accessed from this webpage.
Security Vulnerabilities Fixes
The following could be used to fix the security vulnerabilities mentioned above:
- Avoid naming methods after the underlying technologies. For example, a method such as “doElasticSearch” reveals that ElasticSearch may be used for searching.
- Set appropriate access permissions on the different folders in assets. This is a key way of controlling the privacy of the website’s assets.
- Name the JS files appropriately, preferably in a cryptic manner, so that the internal models cannot be inferred from the file names.
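
One way to check shipped JS for the naming issues above before release, as an added example that is not part of the original post: it flags method names containing technology terms and file names containing model terms. The term lists, function names and sample files are assumptions constructed for illustration.

```javascript
// TECH_TERMS and MODEL_TERMS are assumed lists for this added example; use your own.
const TECH_TERMS = ["elasticsearch", "mongodb", "redis", "mysql", "postgres", "solr"];
const MODEL_TERMS = ["user", "order", "invoice", "payment"]; // hypothetical model names

// Split camelCase, snake_case and kebab-case names into lowercase words.
function words(name) {
  return name.replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .split(/[^A-Za-z0-9]+/).filter(Boolean).map((w) => w.toLowerCase());
}

// Match whole words or two adjacent words joined ("Elastic"+"Search"), so
// "redistribute" does not trip the "redis" term.
function leakedTerms(name, terms) {
  const w = words(name);
  const seen = new Set(w);
  for (let i = 0; i + 1 < w.length; i++) seen.add(w[i] + w[i + 1]);
  return terms.filter((t) => seen.has(t));
}

// Heuristic extraction of declared function and method names (not a full parser).
const DECLS = [
  /function\s+([A-Za-z_$][\w$]*)\s*\(/g,
  /([A-Za-z_$][\w$]*)\s*[:=]\s*(?:async\s+)?function\b/g,
];
function declaredNames(source) {
  const names = new Set();
  for (const re of DECLS) for (const m of source.matchAll(re)) names.add(m[1]);
  return [...names];
}

// files: { path: source }. Returns one finding per leaked term.
function audit(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    const base = path.split("/").pop().replace(/\.js$/, "");
    for (const term of leakedTerms(base, MODEL_TERMS))
      findings.push({ path, kind: "file-name", name: base, term });
    for (const name of declaredNames(source))
      for (const term of leakedTerms(name, TECH_TERMS))
        findings.push({ path, kind: "method-name", name, term });
  }
  return findings;
}
// Constructed sample input, not taken from any real site.
const SAMPLE = {
  "assets/js/models/UserOrder.js": "function loadItems() { return []; }",
  "assets/js/search.js": "var api = { doElasticSearch: function (q) { return q; } };",
  "assets/js/a1f3.js": "function redistribute(x) { return x; }",
};
console.log(audit(SAMPLE));
```

Run it in CI against the built asset directory by loading each file's contents into the `files` object; bundler minification that renames identifiers reduces method-name findings, but file names still need checking.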