[Owasp-google-hacking] Google hacking code

Christian Heinrich christian.heinrich at owasp.org
Sat Jun 12 02:48:42 EDT 2010


George,

As http://code.google.com/apis/soapsearch/api_faq.html#tech15 is no
longer offered by Google any "workaround" of the "SOAP Search API" is
a violation of http://www.google.com/accounts/TOS which is cited
within the "Google's search service" clause of the "Terms and
Conditions for Google SOAP Search API".

The OWASP Global Project Committee was made aware that further
development of SOAP Search related functionality ceased and the
Release withdrawn from limited circulation once Google removed
http://api.google.com/GoogleSearch.wsdl.

Please refer to
http://www.owasp.org/index.php/Testing:_Spiders,_Robots,_and_Crawlers_%28OWASP-IG-001%29
to address the reduce information leakage of a web application via
Google.

On Sat, Jun 12, 2010 at 11:23 AM, George Anelopolis
<george.anelopolis at gmail.com> wrote:
> I have read the Terms and Conditions for Google SOAP Search API very carefully:
>
>>OWASP does *not* promote/endorse the use of a workaround that violates
>>the "Terms and Conditions for Google SOAP Search API Service" i.e.
>>http://code.google.com/apis/soapsearch/api_terms.html
>
> Personal use of your tool is fine. There is no violation of any laws
> or proprietary rights by making use of functionality provided directly
> through the Google SOAP Search API, so there's no reason why your code
> should not be released. If you are legitimately under pressure to not
> release such code, then I'd like to question why an illegal project
> would be sponsored by OWASP in the first place.
>
> In addition, you're familiar with the OWASP project principles at
> http://www.owasp.org/index.php/About_OWASP. You need to obey the
> obligations you have to other community members, by making the tool
> free for anybody interested in improving application security.

-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking


More information about the Owasp-google-hacking mailing list