I was recently given a project on investigating on how to remove a web application's various vulnerabilities.
The site runs under the Zend Framework just to add.
After a vulnerability assessment was done on the said web site, the result showed that while browsing certain pages in the site, backup web pages were made. (These being files having .bak, .bkp, and .old as their file extensions among a few)
I tried logging into the site and browsing to the said pages that were said to create the backup web pages but found nothing when going over the server's directory at the same time.
I'm completely new to Zend and is this natural for the framework? My guess is that Zend creates temporary files but I'm really not sure.
If it does, is this really a vulnerability? If it is, how can it be removed?
I've tried searching for it first but it was to no avail.