Review Webpage content for Information Leakage

OWASP Web Security Testing Guide 4.2 > 1. Information Gathering > 1.5. Review Webpage content for Information Leakage

| ID | Link to Hackinglife | Link to OWASP | Objectives |
|---|---|---|---|
| 1.5 | WSTG-INFO-05 | Review Webpage Content for Information Leakage | - Review webpage comments, metadata, and redirect bodies to find any information leakage.<br>- Gather JavaScript files and review the JS code to better understand the application and to find any information leakage.<br>- Identify if source map files or other front-end debug files exist. |

Sensitive information can include (but is not limited to): private API keys, internal IP addresses, debugging information, sensitive routes, or even credentials.

Review HTML comments

```
<!--
```

Review META tags

They do not provide an attack vector directly, but they allow an attacker to profile an application:

```
<META name="Author" content="John Smith">
```

Review JavaScript comments

Search the JavaScript code for comment markers such as `/*`, and review the `<script>` tag.

Review source map files

Check whether source map files exist by appending the `.map` extension to the names of `.js` files.
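The review steps above can be run offline against a saved copy of a page from your own application, as in this added example (not part of the original notes or of the OWASP guide). `LeakReview`, `review`, the two regex patterns and the sample page are assumptions made for illustration; `review` returns all comments and META values found, the subset matching a pattern, and the `.map` URLs to check.

```python
import re
from html.parser import HTMLParser

# Assumed patterns for two of the leak types listed above; extend for your application.
PATTERNS = {
    "internal_ip": re.compile(r"\b(?:10\.\d+\.\d+|192\.168\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+)\.\d+\b"),
    "credential": re.compile(r"(?i)\b(?:password|passwd|api[_-]?key|secret|token)\b\s*[:=]"),
}
# /* block */ and // line comments; (?<!:) skips the "//" in "https://".
JS_COMMENT = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*", re.S)

class LeakReview(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.scripts, self._in_script = [], [], False

    def handle_comment(self, data):  # <!-- ... -->
        self.findings.append(("html_comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name"):  # e.g. <META name="Author" ...>
            self.findings.append(("meta", f"{a['name']}={a.get('content') or ''}"))
        elif tag == "script":
            self._in_script = True
            self.scripts += [a["src"]] if a.get("src") else []

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):  # only inline <script> bodies are scanned
        if self._in_script:
            self.findings += [("js_comment", m.group(0).strip()) for m in JS_COMMENT.finditer(data)]

def review(html):
    p = LeakReview()
    p.feed(html)
    p.close()
    flagged = [(kind, text, name) for kind, text in p.findings
               for name, rx in PATTERNS.items() if rx.search(text)]
    maps = [s.split("?")[0] + ".map" for s in p.scripts if s.split("?")[0].endswith(".js")]
    return p.findings, flagged, maps

# Constructed sample page, not taken from any real site.
SAMPLE = """<META name="Author" content="John Smith">
<!-- TODO: remove test login, password = changeme -->
<script src="/static/app.min.js?v=3"></script>
<script>/* staging API lives at 10.0.12.7 */
var u = "https://example.test/api"; // fallback route /admin-old
</script>"""
```

The comment regex is a heuristic and can also match comment-like text inside string literals, so treat its output as candidates for manual review. Each returned `.map` URL should not be served by the production host.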

Last update: 2023-12-25
Created: December 24, 2023 11:19:43