While assessing a Java-based site, you run DirBuster and learn that /WEB-INF/web.xml is openly accessible from the Internet. According to the CEH Web Application Hacking Methodology, during which phase would you catalogue and examine such exposed configuration files?
Directory and file enumeration, content discovery, and inspection of publicly reachable application resources are performed in the "Analyze web applications" phase. By this point the tester has already completed infrastructure footprinting and now focuses on mapping the application's internal structure (hidden directories, configuration files, comments, parameters, etc.). Phases such as "Footprint web infrastructure," "Bypass client-side controls," and "Attack authentication mechanisms" address different objectives and therefore are not appropriate for evaluating an exposed web.xml file.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DirBuster, and how is it used?
Open an interactive chat with Bash
Why is /WEB-INF/web.xml a sensitive file?
Open an interactive chat with Bash
What happens during the 'Analyze web applications' phase in CEH methodology?
Open an interactive chat with Bash
What is the purpose of the 'Analyze web applications' phase?
Open an interactive chat with Bash
What kind of information can be found in the web.xml file?
Open an interactive chat with Bash
How does DirBuster assist in the 'Analyze web applications' phase?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .