Review Webpage content for Information Leakage
ID | Link to Hackinglife | Link to OWASP | Objectives |
---|---|---|---|
1.5 | WSTG-INFO-05 | Review Webpage Content for Information Leakage | - Review webpage comments, metadata, and redirect bodies to find any information leakage. - Gather JavaScript files and review the JS code to better understand the application and to find any information leakage. - Identify if source map files or other front-end debug files exist. |
Sensitive information can include (but is not limited to) private API keys, internal IP addresses, debugging information, sensitive routes, or even credentials.
Review HTML comments
Review META tags
They do not provide an attack vector directly, but they allow an attacker to profile an application.
Review JavaScript comments
And the `<script>` tag.
Review Source map files
Check for them by adding the `.map` extension to `.js` file URLs.
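
The review steps above can be run as a pre-release check over your own pages. The following Python script is an added example, not part of the original notes or of the OWASP guide; the sample page, `LeakReview` and `review()` are constructed for illustration. It collects HTML comments, META tags, JavaScript comments, `sourceMappingURL` references and the `.map` URL to check for each external script.

```python
import re
from html.parser import HTMLParser

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="ExampleCMS 1.2">
<meta name="viewport" content="width=device-width">
<!-- TODO: remove test login before release -->
<script>
// staging API lives at 10.0.0.12
var debug = true; /* disable in prod */
//# sourceMappingURL=app.js.map
</script>
<script src="/static/app.js"></script>
</head><body><p>Hello</p></body></html>"""

# Candidate JS comments. A regex cannot tell a comment from "//" inside a
# string literal, so every hit still needs a human read.
JS_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
SOURCE_MAP = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")

class LeakReview(HTMLParser):
    """Collects (kind, value) pairs for the items WSTG-INFO-05 lists."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
    def handle_comment(self, data):
        self.findings.append(("html-comment", data.strip()))
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta":
            key = a.get("name") or a.get("http-equiv") or a.get("property")
            self.findings.append(("meta", f"{key}={a.get('content')}"))
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.findings.append(("script-src", a["src"]))
                # URL that must not be served in production if maps are private
                self.findings.append(("map-candidate", a["src"] + ".map"))
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if not self._in_script:
            return
        for c in JS_COMMENT.findall(data):
            m = SOURCE_MAP.match(c)
            self.findings.append(("source-map", m.group(1)) if m else ("js-comment", c.strip()))

def review(html):
    parser = LeakReview()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each `map-candidate` is only a URL to verify against the deployed site; the script itself makes no network requests.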
Last update: 2023-12-25 Created: December 24, 2023 11:19:43