ISO 27001:2022 A.8.3
Access restriction
UnveilScan findings mapped to this control
The scanner emits 15 distinct findings on this control. Scan a domain to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).
dns.dev_staging_privileged_exposed
⏱ 15 min
DNS — Dev staging privileged exposed
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.api.h2_console
⏱ 15 min
WEB — Api.h2 console
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.api.jolokia
⏱ 15 min
WEB — Api.jolokia
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.http_method_delete
⏱ 15 min
WEB — Http method delete
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 2 other controls
web.http_method_put
⏱ 30 min
WEB — Http method put
Risk if ignored: PUT accepted on the root path typically allows arbitrary file upload — attacker-controlled content served from your origin.
security, reputational
Also maps to 2 other controls
web.joomla_administrator_exposed
⏱ 30 min
WEB — Joomla administrator exposed
Risk if ignored: /administrator/ reachable from the public internet exposes the admin login to brute-force and credential-stuffing campaigns. Joomscan and similar tooling target this surface continuously.
security
Also maps to 1 other control
web.leak.cpanel
⏱ 15 min
WEB — Leak.cpanel
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.leak.phpmyadmin
⏱ 15 min
WEB — Leak.phpmyadmin
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.leak.plesk
⏱ 15 min
WEB — Leak.plesk
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.leak.webmin
⏱ 15 min
WEB — Leak.webmin
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.wayback.admin
⏱ 15 min
WEB — Wayback.admin
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.wayback.internal
⏱ 15 min
WEB — Wayback.internal
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.websocket_reachable
⏱ 15 min
WEB — Websocket reachable
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.wp_user_enum_api
⏱ 30 min
WEB — Wp user enum api
Risk if ignored: REST endpoint /wp-json/wp/v2/users hands out the user list without auth. Same brute-force-feeding risk as the ?author= probe but more precise (slugs, IDs, gravatar URL).
security, privacy
Also maps to 1 other control
web.wp_user_enum_author
⏱ 30 min
WEB — Wp user enum author
Risk if ignored: Attackers harvest valid usernames as dictionary entries for brute-force — time-to-compromise drops sharply.
security