Exploring the Risk and Impact of Insufficiently Protected Credentials and Directory Listing Exposure on Web Application

Abstract

This study examines the risks and impacts of two fundamental web security vulnerabilities: insufficiently protected credentials and directory listing exposure. A Quantitative methods approach was employed, combining analysis of user behavior through questionnaires and technical demonstrations using Dirsearch on a designated target website. The results indicate that students majoring in Cyber Security Engineering at Batam State Polytechnic demonstrate a high level of awareness and understanding of credential protection practices, reflecting effective user education. However, significant risks remain due to vulnerabilities in server configurations that allow directory listing exposure, which could facilitate unauthorized data access. Collectively, these issues elevate the likelihood of data breaches and unauthorized access. The findings highlight the urgent need for proactive mitigation focusing on system hardening alongside continued user education.