Talk:Testing: Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)

From OWASP
Revision as of 14:26, 15 August 2013 by Rick.mitchell (Talk | contribs)

v3 Review Comments

This section does not cover the items stated in the "brief summary". For v3, if the section is to remain completely Google-centric, I suggest we rename "Search engine discovery" to "Google searching your web application and accessing Google's cache".

Reply to "v3 Review Comments" from @cmlh

The roadmap was to add Yahoo! and Bing to the next release of the OWASP Testing Guide (i.e. v3 -> v4) and to not appear to promote Google over Yahoo! and Bing. It should be noted that Yahoo! and Bing might refer to the same "entity" as further research is undertaken i.e. the "Yahoo! and Microsoft Search Alliance"/"Yahoo! Bing Network".

Furthermore, the intent is *not* to promote the inferior http://www.hackersforcharity.org/ghdb/, rather a more scientific and innovative approach.

Hi cmlh, thanks for the follow-up. That comment was really old and seems to have been migrated for the v3 > v4 draft. I think the new heading/title is more appropriate than previously, as is the content.
Should we also be including some Shodan stuff? (http://www.shodanhq.com/) Rick.mitchell (talk)