Application Security Terminology

Glossary

Predictable Resource Location

Predictable Resource Location is an attack method used to uncover hidden website content and functionality. The attacker makes educated guesses, by brute force, at the names of files and directories not intended for public viewing. Brute forcing filenames is easy because files and paths often follow common naming conventions and reside in standard locations. The resources found this way can include temporary files, backup files, logs, administrative site sections, configuration files, demo applications, and sample files. These files may disclose sensitive information about the website, such as web application internals, database information, passwords, machine names, and file paths to other sensitive areas.


Predictable Resource Location can also be referred to as forced browsing, forceful browsing, file enumeration, and directory enumeration.
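
Seen from the defender's side, forced browsing leaves a recognizable trace in web server access logs: one client requesting many guessable names that do not exist, plus the occasional guess that succeeds. The following is an added example, not part of the original glossary entry; the path patterns, the threshold, and the log lines are constructed for illustration and assume Common Log Format.

```python
import re
from collections import defaultdict

# Patterns for the resource kinds named in the entry (illustrative, not exhaustive).
CATEGORIES = {
    "backup/temporary": re.compile(r"\.(bak|old|orig|tmp|swp)$|~$", re.I),
    "log": re.compile(r"\.log$", re.I),
    "configuration": re.compile(r"\.(conf|config|ini|env)$", re.I),
    "administrative": re.compile(r"^/(admin|administrator|manage)(/|$)", re.I),
    "demo/sample": re.compile(r"^/(demo|sample|samples|examples)(/|$)", re.I),
}
# Common Log Format: client, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE_LOG = '''\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php.bak HTTP/1.1" 404 153
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 403 153
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /debug.log HTTP/1.1" 404 153
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /config.ini HTTP/1.1" 200 812
203.0.113.20 - - [10/Mar/2024:10:01:10 +0000] "GET /products?id=4 HTTP/1.1" 200 5120
203.0.113.20 - - [10/Mar/2024:10:01:12 +0000] "GET /old-page.bak HTTP/1.1" 404 153
'''.splitlines()

def classify(path):
    """Return the category a request path falls into, or None."""
    path = path.split("?", 1)[0]
    return next((n for n, rx in CATEGORIES.items() if rx.search(path)), None)

def analyze(lines, min_misses=3):
    """Return (suspects, exposed): clients guessing names, and guesses that were served."""
    misses = defaultdict(set)  # client -> distinct guessable paths answered 403/404
    exposed = []               # (client, path, category) answered 200
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        category = classify(path)
        if category and status in (403, 404):
            misses[client].add(path)
        elif category and status == 200:
            exposed.append((client, path, category))
    suspects = {c: sorted(p) for c, p in misses.items() if len(p) >= min_misses}
    return suspects, exposed

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The `exposed` list is the part to act on first: each entry is a predictable name that the server actually returned and that should be removed from the web root or placed behind access control.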