Testing Information Gathering
This article is part of the new OWASP Testing Guide v4.
At the moment the project is in the REVIEW phase.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project
4.3 Testing for Information Gathering
4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage (OTG-INFO-001) formerly "Search Engine Discovery/Reconnaissance (OWASP-IG-002)"
4.2.2 Fingerprint Web Server (OTG-INFO-002) formerly "Testing for Web Application Fingerprint (OWASP-IG-004)"
4.2.3 Review Webserver Metafiles for Information Leakage (OTG-INFO-003) formerly "Spiders, Robots and Crawlers (OWASP-IG-001)"
4.2.4 Enumerate Applications on Webserver (OTG-INFO-004) formerly "Application Discovery (OWASP-IG-005)"
4.2.5 Review Webpage Comments and Metadata for Information Leakage (OTG-INFO-005) formerly "Review webpage comments and metadata(OWASP-IG-007)"
4.2.6 Identify application entry points (OTG-INFO-006) formerly "Identify application entry points (OWASP-IG-003)"
4.2.7 Identify application exit/handover points (OTG-INFO-007) formerly "Identify application exit/handover points (OWASP-IG-008)"
4.2.8 Map execution paths through application (OTG-INFO-008) formerly "Map execution paths through application (OWASP-IG-009)"
4.2.9 Fingerprint Web Application Framework (OTG-INFO-009) formerly "Testing for Web Application Fingerprint (OWASP-IG-010)" Ready to be reviewed
4.2.10 Fingerprint Web Application (OTG-INFO-010) formerly "Testing for Web Application Fingerprint (OWASP-IG-010)" [Amro AlOlaqi] Ready to be reviewed
4.2.11 Map Network and Application Architecture (OTG-INFO-011) formerly "Testing for Infrastructure Configuration Management Testing weakness (OWASP-CM-001)" [Amro AlOlaqi] Ready to be reviewed