What we analyze
Many developers accidentally leave sensitive files accessible on the web server. These files can contain credentials, source code, database backups and other critical information.
Files we search for
.git repositories
Exposed Git directories that can reveal complete source code.
.env files
Environment configuration files with API keys and passwords.
Backups (.sql, .zip)
Database or website backup files.
Configuration files
wp-config.php, config.php, settings.py and similar.
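To check your own deployment for the file types listed above before it goes live, the following added example (not this service's scanner code) walks a local web root and reports matches. The function names, the category labels, and the extra match on leftover copies such as `wp-config.php.bak` are assumptions of this example.

```python
import os
import sys
from pathlib import Path

# File names and extensions come from the list above; how they are
# matched (case-insensitive, prefix match for copies) is an assumption.
CONFIG_NAMES = ("wp-config.php", "config.php", "settings.py")
BACKUP_SUFFIXES = {".sql", ".zip"}


def classify(name, is_dir):
    """Return a category for a directory entry, or None if it is not flagged."""
    lower = name.lower()
    if is_dir:
        return "git repository" if lower == ".git" else None
    if lower == ".env" or lower.startswith(".env."):
        return "env file"
    if lower in CONFIG_NAMES:
        return "configuration file"
    # Copies like wp-config.php.bak usually bypass the script handler
    # and are served as plain text, so they are flagged separately.
    if any(lower.startswith(cfg) for cfg in CONFIG_NAMES):
        return "configuration file copy"
    if Path(lower).suffix in BACKUP_SUFFIXES:
        return "backup"
    return None


def find_exposed(webroot):
    """Walk webroot and return sorted (relative_path, category) findings."""
    root = Path(webroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        for d in list(dirnames):
            category = classify(d, is_dir=True)
            if category:
                findings.append(((rel / d).as_posix(), category))
                dirnames.remove(d)  # one finding per .git, do not descend
        for f in filenames:
            category = classify(f, is_dir=False)
            if category:
                findings.append(((rel / f).as_posix(), category))
    return sorted(findings)


if __name__ == "__main__":
    for path, category in find_exposed(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{category:24} {path}")
```

Run it against the directory your web server actually serves; anything it reports should be moved outside the document root or explicitly denied in the server configuration.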
Why is it important?
Leaving sensitive files exposed is one of the most serious mistakes you can make. It allows attackers to gain total control of your application, access your database, and steal all your users' information with little effort.
Impact if it fails
- Credential exposure (passwords, API keys)
- Complete source code access
- Database information leakage
- Direct access to internal systems
Applicable Legal Framework
Article 32 of GDPR requires preventing unauthorized access to personal data. Leaving sensitive files exposed is a critical vulnerability that demonstrates a lack of appropriate technical measures and can lead to severe sanctions.
Potential Sanctions
| Company Type | Indicative Fine |
|---|---|
| Micro-enterprise | 5,000 - 40,000 € |
| SME | 40,000 - 300,000 € |
| Large Enterprise | Up to 10M € or 2% turnover |