Скачать или смотреть SSD Assignment vulnerability fixing | Directory Browsing | Application Error Disclosure

(Directory Browsing) If directory browsing is enabled, users can view a list of files in your directories. This can expose sensitive information and is a security risk.

Without an index file, if someone tries to browse this directory, they’ll see all the files inside. But we can prevent this by adding a simple directive in the .htaccess file.

By adding Options -Indexes, we disable directory browsing. Now, when someone tries to access that directory, they’ll get a 'Forbidden' message instead of a list of files. This helps keep our application secure."

(Application Error Disclosure) "Next is preventing application error disclosure. Showing detailed error messages to users can give hackers valuable information about your system, like database structure or code details. To avoid this, we can sanitize the input we receive.

For example, here we have an id parameter that we get from the URL. To make sure we only accept valid numbers, I’m using filter_input to sanitize the id. This makes sure only a numeric value is passed through, preventing unexpected errors or malicious input.