Forced Browsing is a feature which is available on the Enterprise plan. It allows you to upload a text file containing different paths which should not be publicly accessible, eg. /system/, /admin/, /logs/, etc
We will attempt to access all paths listed and if they are externally accessible on the Internet, we will generate a finding.
If you wish to activate forced browsing, reach out to your Customer Success Manager who will enable the functionality for you. Once activated, you will be able to upload your text file by navigating to "Application Scan Settings", scrolling down to "What should we test for?" and clicking the "Edit" button which appears next to: "Use Forced Browsing to make sure we don't reach sensitive resources?"