| Locate the directories containing the CGI scripts. These directories should be language-specific (e.g., PERL, ASP, JS, JSP, etc.). |
Right-click on the web content directory and the related CGI directories. On the Properties tab, examine the access rights for the CGI, cgi-bin, or cgi-shl directories.
Anonymous FTP users must not have access to these directories.
If the CGI, the cgi-bin, or the cgi-shl directories can be accessed by any group that does not require access, this is a finding.