Backup Folder

  • PCI 3.2-6.5.1
  • OWASP 2017-A6
  • PCI 3.2-6.5.8
  • OWASP 2013-A7
  • CWE 538

Backup Folder Exposure occurs when entire directories containing backup or archived files are accessible via the web server, often due to misconfigured directory structures or permissions. Unlike single backup files, exposed backup folders can contain multiple sensitive artifacts such as source code, database dumps, logs, and configuration files. Attackers can enumerate these folders and automate downloads to retrieve sensitive content in bulk.

Common patterns leading to exposure:

  • Web-accessible directories like /backup/, /old/, /archive/ containing backups without authentication.
  • Directory names that are predictable or follow a standard naming convention.
  • Lack of .htaccess or equivalent rules to block access on web servers.
  • Publicly accessible cloud storage or shared network drives mapped to web roots.

Impacts:

  • Bulk Information Disclosure: Multiple files containing sensitive information may be exposed simultaneously.
  • Facilitates Further Exploitation: Source code, credentials, and configuration files help attackers identify additional vulnerabilities.
  • Potential Regulatory Violation: Exposed customer or internal data may breach compliance requirements.

Detection indicators:

  • Requests probing for common directory names (backup/, old/, archive/, db_backup/) followed by crawling of their contents.
  • Directory listing enabled on the web server, returning an index of multiple backup files.
  • Public cloud storage misconfiguration exposing folders.
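The first two indicators above can be checked directly against web server access logs. The following added example (not part of the original entry) parses a few constructed lines in the Apache/nginx combined log format and raises two kinds of alert: a client that probes several distinct backup directory names, and any 2xx response to a backup path, which is the strongest sign the folder is actually reachable. The directory names in BACKUP_DIR_RE are the ones listed on this page plus two assumed common variants (backups, bak); the sample addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /backup/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /archive/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /db_backup/ HTTP/1.1" 200 3480 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /db_backup/site.sql.gz HTTP/1.1" 200 884211 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:05:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path protocol" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Directory names from the page's indicator list plus two assumed common variants.
BACKUP_DIR_RE = re.compile(r'^/(backup|backups|old|archive|db_backup|bak)(?:/|$)', re.IGNORECASE)


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyse(log_text, enum_threshold=3):
    """Return {'enumeration': {ip: [dirs]}, 'exposed': [(ip, path, status)]}.

    enumeration: clients that requested at least enum_threshold distinct backup
                 directory names, whatever the status code (probing pattern).
    exposed:     every 2xx response to a backup path (the folder is reachable).
    """
    probes = defaultdict(set)
    exposed = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        m = BACKUP_DIR_RE.match(rec["path"])
        if not m:
            continue
        probes[rec["ip"]].add(m.group(1).lower())
        if rec["status"].startswith("2"):
            exposed.append((rec["ip"], rec["path"], int(rec["status"])))
    enumeration = {ip: sorted(dirs) for ip, dirs in probes.items() if len(dirs) >= enum_threshold}
    return {"enumeration": enumeration, "exposed": exposed}


if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        print(kind, items)
```

Run against a real log by passing the file contents to analyse(); the enumeration threshold is deliberately low because a single client touching three or four different backup directory names in quick succession is rarely legitimate traffic, while a single 2xx hit on a backup path deserves an alert on its own.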

Remediation
  1. Move Backup Folders Outside Web Root
    Store backup directories in locations not accessible via the web.

  2. Access Control
    Apply strict filesystem permissions; allow only authorized administrators to access backup directories.

  3. Disable Directory Listings
    Ensure web servers do not permit directory listing, especially in directories containing backups.

  4. Remove Redundant Folders
    Periodically audit and delete obsolete or temporary backup directories from production servers.

  5. Use Authentication for Access
    If remote access is required, enforce strong authentication and encrypted connections.

  6. Encrypt Sensitive Backups
    Apply encryption to all backups to mitigate exposure if the folder is accidentally accessible.

  7. Non-Predictable Naming
    Use obfuscated or randomized folder names if they must exist in partially accessible environments.

  8. Monitoring and Logging
    Track access attempts to backup folders and alert on suspicious enumeration or downloads.

  9. Security Testing
    Include backup folder discovery tests in penetration testing and code review.
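Steps 1, 2 and 4 above are a filesystem audit that can be scripted. The following added example (not part of the original entry) walks a web root, reports every directory whose name looks like a backup folder together with whether it is world-readable, and, when asked to fix, moves each one to a location outside the web root with owner-only (0700) permissions. The name pattern, the web root layout built by run_demo(), and the destination directory are all assumptions for illustration; on a real server the destination should be the operator's existing off-web backup location.

```python
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

# Assumed directory-name pattern: the names from this page plus common suffix variants.
BACKUP_NAME_RE = re.compile(r'^(backup|backups|old|archive|db_backup|bak|.*\.bak|.*_old)$', re.IGNORECASE)


def find_backup_dirs(webroot):
    """Return backup-like directories below webroot, without descending into matches."""
    hits = []
    for dirpath, dirnames, _files in os.walk(webroot):
        matched = [d for d in dirnames if BACKUP_NAME_RE.match(d)]
        hits.extend(Path(dirpath, d) for d in matched)
        dirnames[:] = [d for d in dirnames if d not in matched]   # prune matched subtrees
    return sorted(hits)


def is_world_readable(path):
    """True if the 'other' read bit is set, i.e. any local account (incl. the web server user) can read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def relocate(dirpath, dest_root):
    """Move dirpath out of the web root into dest_root (created 0700) and restrict it to the owner."""
    dest_root = Path(dest_root)
    dest_root.mkdir(parents=True, exist_ok=True)
    os.chmod(dest_root, 0o700)
    target = dest_root / dirpath.name
    n = 1
    while target.exists():                     # keep earlier relocated copies intact
        target = dest_root / f"{dirpath.name}.{n}"
        n += 1
    shutil.move(str(dirpath), str(target))
    os.chmod(target, 0o700)
    return target


def audit_and_fix(webroot, dest_root, fix=False):
    """Report every backup-like directory under webroot; with fix=True also relocate it."""
    report = []
    for d in find_backup_dirs(webroot):
        entry = {"path": str(d), "world_readable": is_world_readable(d), "moved_to": None}
        if fix:
            entry["moved_to"] = str(relocate(d, dest_root))
        report.append(entry)
    return report


def run_demo():
    """Build a constructed web root in a temp dir, audit it, fix it and return the evidence."""
    tmp = Path(tempfile.mkdtemp(prefix="bkaudit-"))
    webroot = tmp / "www"
    for rel in ("backup/db.sql", "old/config.php.bak", "img/logo.png", "index.html"):
        (webroot / rel).parent.mkdir(parents=True, exist_ok=True)
        (webroot / rel).write_text("constructed sample\n")
    os.chmod(webroot / "backup", 0o755)        # world-readable, as a misconfigured deploy often leaves it
    before = [p.name for p in find_backup_dirs(webroot)]
    report = audit_and_fix(webroot, tmp / "private_backups", fix=True)
    after = [p.name for p in find_backup_dirs(webroot)]
    moved_mode = oct(os.stat(report[0]["moved_to"]).st_mode & 0o777)
    return {"before": before, "after": after, "report": report, "moved_mode": moved_mode}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Run it with fix=False first to review the report, since a broad name pattern can also match legitimate application directories; the relocation step is only safe once an operator has confirmed the list.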
