How to use Comments and Metadata Information to Gather Intelligence for Penetration TestingMay 11, 2021 No Comments Cyber defense, cybersecurity, Online security, Penetration testing, Pentest, System security admin
The head section of web pages contains troves of information that can be used to ensure that the site is efficiently crawled or positioned for search engine optimization. There is information about the name of the author, the description of the page, and the language used on the web page.
Some sites have information about the Twitter account, the URL address where the images are hosted, about other relevant URL addresses that are connected to the website.
I have viewed some source files that contained information about the forms and the input section of the form. For sites that use Google Analytics, you will see information about the Google Analytics account. Other types of information you may find by investigating the source file may include the name and type of third-party framework. All these types of information that I mentioned can provide a lead for a malicious hacker. If your web page reveals some of the types of information I mentioned here, you may need to take remediated action to ensure that no vulnerable information is exposed.