))
Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Manage episode 292613659 series 2926569
内容由Joy Alatta提供。所有播客内容(包括剧集、图形和播客描述)均由 Joy Alatta 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as the design and configuration of the website could be assessed by searching about the target in forums or social media sites.
To proceed with trying to understand how to find out of there is a sensitive design and configuration vulnerability in an application or a website, try to use some of the search engines such as Chrome, Baidu, Bing, Duck Duck Go, and Punkspider.
I advise that you try many search engines so that you can compare the information from each of them. The number of search engines that you decide to try will be determined by the amount of time that you have for the project...More
--- Support this podcast: https://podcasters.spotify.com/pod/show/digitalclassroom/support20集单集
分享
