Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Manage episode 292613659 series 2926569
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as the design and configuration of the website could be assessed by searching about the target in forums or social media sites.
To proceed with trying to understand how to find out of there is a sensitive design and configuration vulnerability in an application or a website, try to use some of the search engines such as Chrome, Baidu, Bing, Duck Duck Go, and Punkspider.
I advise that you try many search engines so that you can compare the information from each of them. The number of search engines that you decide to try will be determined by the amount of time that you have for the project...More
--- Support this podcast: https://podcasters.spotify.com/pod/show/digitalclassroom/support20 에피소드