
Avoid exposing technical information

Requirement

Technical information (product name, version, configuration) of exposed services should not be accessible.
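One way to check this requirement for an HTTP service, as an added example that is not part of the original page: the function audits a raw response for headers and error-page text that reveal product names or versions. The header list, the product list, the function name and both sample responses are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration; extend them for the stack actually deployed.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
BODY_BANNER_RE = re.compile(
    r"\b(Apache|nginx|Microsoft-IIS|Tomcat|PHP)[/ ]\d+(?:\.\d+)+", re.I)


def audit_http_response(raw):
    """Return (location, text, detail) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in DISCLOSING_HEADERS:
            continue
        value = value.strip()
        # A version number is more specific than a bare product name.
        detail = "version" if VERSION_RE.search(value) else "product"
        findings.append((name.strip(), value, detail))
    # Default error pages often repeat the banner in the body.
    for match in BODY_BANNER_RE.finditer(body):
        findings.append(("body", match.group(0), "version"))
    return findings


# Constructed sample responses (not captured from any real host).
VERBOSE = ("HTTP/1.1 404 Not Found\r\n"
           "Server: Apache/2.4.41 (Ubuntu)\r\n"
           "X-Powered-By: PHP\r\n"
           "Content-Type: text/html\r\n\r\n"
           "<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80</address>")
HARDENED = ("HTTP/1.1 404 Not Found\r\n"
            "Content-Type: text/html\r\n\r\n"
            "<h1>Not Found</h1>")

if __name__ == "__main__":
    for label, response in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_http_response(response))
```

An empty result for a service's normal and error responses is the outcome the requirement asks for.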

References

  • CAPEC-116: Excavation: An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data.

  • CAPEC-224: Fingerprinting: An adversary compares output from a target system to known indicators that uniquely identify specific details about the target.