Testing: Information Gathering - Revision history

Andrew Muller at 05:27, 8 November 2012

2012-11-08T05:27:01Z

Andrew Muller at 05:19, 8 November 2012

2012-11-08T05:19:49Z

Andrew Muller at 05:13, 8 November 2012

2012-11-08T05:13:31Z

Andrew Muller at 05:05, 8 November 2012

2012-11-08T05:05:19Z

Andrew Muller at 04:28, 8 November 2012

2012-11-08T04:28:40Z

Mmeucci at 14:41, 9 October 2012

2012-10-09T14:41:30Z

KirstenS at 14:28, 2 February 2009

2009-02-02T14:28:22Z

KirstenS at 10:26, 29 December 2008

2008-12-29T10:26:35Z

KirstenS at 02:57, 2 December 2008

2008-12-02T02:57:04Z

KirstenS at 02:44, 2 December 2008

2008-12-02T02:44:34Z

@@ Line 12: / Line 12: @@
-[[Testing: Spiders, Robots, and Crawlers  (OWASP-IG-001)|4.2.1 Spiders, Robots and Crawlers (OWASP-IG-001)]] [rename to Review website metafiles]
+[[Testing for Application Discovery (OWASP-IG-005)|4.2.5 Application Discovery  (OWASP-IG-005)]] [rename to "Enumerate applications on webserver"]<br>
 This phase of the Information Gathering process consists of browsing and capturing resources related to the application being tested.
 [[Testing: Review webpage comments and metadata  (OWASP-IG-00x)|4.2.x Review webpage comments and metadata(OWASP-IG-00x)]]
 Review the webpage metadata, HTML, JavaScript comments for sensitive information and disabled links/scripts.
 [[Testing: Identify application entry points (OWASP-IG-003)|4.2.3 Identify application entry points  (OWASP-IG-003)]]<br>
@@ Line 29: / Line 28: @@
 Identify the functional exit points of the application and points where the application hands over to another application that may, or may not, be within scope of testing (e.g. handover to a payment gateway).
-[[Testing: Map paths through the application(OWASP-IG-00x)|4.2.x Map paths through the application (OWASP-IG-00x)]]<br>
+[[Testing: Map paths through the application (OWASP-IG-00x)|4.2.x Map paths through the application (OWASP-IG-00x)]]<br>
 Enumerating the application and its attack surface is a key precursor before any attack should commence. This section will help you identify and map out every area within the application that should be investigated once your enumeration and mapping phase has been completed.
 [[Testing for Web Application Fingerprint (OWASP-IG-004)|4.2.4 Testing Web Application Fingerprint  (OWASP-IG-004)]]<br>
 Application fingerprint is the first step of the Information Gathering process; knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.
-[[Testing for Application Discovery (OWASP-IG-005)|4.2.5 Application Discovery  (OWASP-IG-005)]]<br>
+[[Testing for Error Codes (OWASP-IG-006)|4.2.6 Analysis of Error Codes  (OWASP-IG-006)]]<br>
 During a penetration test, web applications may divulge information that is not intended to be seen by an end user. Information such as error codes can inform the tester about technologies and products being used by the application.<br>
 In many cases, error codes can be easily invoked without the need for specialist skills or tools, due to bad exception handling design and coding.
 Clearly, focusing only on the web application will not be an exhaustive test. It cannot be as comprehensive as the information possibly gathered by performing a broader infrastructure analysis.

@@ Line 12: / Line 12: @@
-[[Testing: Spiders, Robots, and Crawlers  (OWASP-IG-001)|4.2.1 Spiders, Robots and Crawlers (OWASP-IG-001)]]
+[[Testing: Spiders, Robots, and Crawlers  (OWASP-IG-001)|4.2.1 Spiders, Robots and Crawlers (OWASP-IG-001)]] [rename to Review website metafiles]
 This phase of the Information Gathering process consists of browsing and capturing resources related to the application being tested.
 [[Testing: Review webpage comments and metadata  (OWASP-IG-00x)|4.2.x Review webpage comments and metadata(OWASP-IG-00x)]]

@@ Line 16: / Line 16: @@
 This phase of the Information Gathering process consists of browsing and capturing resources related to the application being tested.
-[[Testing: Review robots.txt file for sensitive resources (OWASP-IG-00x)|4.2.x Review robots.txt file (OWASP-IG-00x)]]
+[[Testing: Review website metafiles (OWASP-IG-00x)|4.2.x Review website metafiles (OWASP-IG-00x)]]
 Review the robots.txt file (if it exists) for sensitive URLs.
-[[Testing: Review webpage metadata attributes  (OWASP-IG-00x)|4.2.x Review webpage metadata attributes (OWASP-IG-00x)]]
+[[Testing: Review webpage comments and metadata  (OWASP-IG-00x)|4.2.x Review webpage comments and metadata(OWASP-IG-00x)]]
-Review the webpage metadata for attributes.
+Review the webpage metadata, HTML, JavaScript comments for sensitive information and disabled links/scripts.
 [[Testing: Search engine discovery/reconnaissance (OWASP-IG-002)|4.2.2 Search Engine Discovery/Reconnaissance  (OWASP-IG-002)]]<br>

← Older revision		Revision as of 05:05, 8 November 2012
Line 23:		Line 23:

	Review the webpage metadata for attributes.		Review the webpage metadata for attributes.
		+
		+	[[Testing: Review HTML comments (OWASP-IG-00x)\|4.2.x Review webpage metadata attributes (OWASP-IG-00x)]]
		+
		+	Review the webpage HTML comments for sensitive information and disabled links.
		+
		+	[[Testing: Review JavaScript comments (OWASP-IG-00x)\|4.2.x Review webpage metadata attributes (OWASP-IG-00x)]]
		+
		+	Review the webpage JavaScript comments for senstive information or disabled scripts.

	[[Testing: Search engine discovery/reconnaissance (OWASP-IG-002)\|4.2.2 Search Engine Discovery/Reconnaissance (OWASP-IG-002)]]<br>		[[Testing: Search engine discovery/reconnaissance (OWASP-IG-002)\|4.2.2 Search Engine Discovery/Reconnaissance (OWASP-IG-002)]]<br>

@@ Line 5: / Line 5: @@
 The  first phase in security assessment is focused on collecting as much information as possible about a target application.
-Information Gathering is a necessary step of a penetration test.
+Information Gathering is the most critical step of an application security test. The security test should endeavour to test as much of the code base as possible. Thus mapping all possible paths through the code to facilitate thorough testing is paramount.
 This task can be carried out in many different ways.
@@ Line 15: / Line 15: @@
 This phase of the Information Gathering process consists of browsing and capturing resources related to the application being tested.
 [[Testing: Search engine discovery/reconnaissance (OWASP-IG-002)|4.2.2 Search Engine Discovery/Reconnaissance  (OWASP-IG-002)]]<br>
@@ Line 20: / Line 28: @@
 [[Testing: Identify application entry points (OWASP-IG-003)|4.2.3 Identify application entry points  (OWASP-IG-003)]]<br>
 Enumerating the application and its attack surface is a key precursor before any attack should commence. This section will help you identify and map out every area within the application that should be investigated once your enumeration and mapping phase has been completed.

← Older revision		Revision as of 14:41, 9 October 2012
Line 1:		Line 1:
−	{{Template:OWASP Testing Guide v3}}	+	{{Template:OWASP Testing Guide v4}}

	''' 4.2 Information Gathering '''		''' 4.2 Information Gathering '''

@@ Line 29: / Line 29: @@
 This analysis is important because often there is not a direct link connecting the main application backend. Discovery analysis can be useful to reveal details such as web applications used for administrative purposes. In addition, it can reveal old versions of files or artifacts such as undeleted, obsolete scripts, crafted during the test/development phase or as the result of maintenance.
-[[Analysis of Error Codes  (OWASP-IG-006)|4.2.6 Analysis of Error Codes  (OWASP-IG-006)]]<br>
+[[Testing for Error Code (OWASP-IG-006)|4.2.6 Analysis of Error Codes  (OWASP-IG-006)]]<br>
 During a penetration test, web applications may divulge information that is not intended to be seen by an end user. Information such as error codes can inform the tester about technologies and products being used by the application.<br>
 In many cases, error codes can be easily invoked without the need for specialist skills or tools, due to bad exception handling design and coding.
 Clearly, focusing only on the web application will not be an exhaustive test. It cannot be as comprehensive as the information possibly gathered by performing a broader infrastructure analysis.

@@ Line 25: / Line 25: @@
 Application fingerprint is the first step of the Information Gathering process;[[Category:FIXME|If this is the first step, should it be first in this list?]] knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.
-[[Testing for Application Discovery|4.2.5 Application Discovery  (OWASP-IG-005)]]<br>
+[[Testing for Application Discovery (OWASP-IG-005)|4.2.5 Application Discovery  (OWASP-IG-005)]]<br>
 Application discovery is an activity oriented to the identification of the web applications hosted on a web server/application server.<br>
 This analysis is important because often there is not a direct link connecting the main application backend. Discovery analysis can be useful to reveal details such as web applications used for administrative purposes. In addition, it can reveal old versions of files or artifacts such as undeleted, obsolete scripts, crafted during the test/development phase or as the result of maintenance.