[Owasp-testing] Unusual Web Spidering Techniques

Christian Heinrich christian.heinrich at owasp.org
Sun Aug 7 23:44:59 EDT 2011


Roberto,

The intent of when this was proposed was to separate the coupling of
"Spidering and Googling" in v2 i.e.
https://lists.owasp.org/pipermail/owasp-testing/2008-May/001462.html
as two parts for v3

https://www.owasp.org/index.php/Testing:_Identify_application_entry_points_(OWASP-IG-003)
might be more related to your proposal.

To build on this,
https://www.owasp.org/index.php/Testing:_Information_Gathering should
be reordered so that it reflects the actual order in which they are
performed e.g.:
1. DNS
2. nmap
3. httprint
4. robots.txt
5. search engine reconnaissance
6. spidering

On Fri, Aug 5, 2011 at 9:00 PM, Roberto Suggi Liverani
<robertosl at owasp.org> wrote:
> Hi all,
>
> Just blogged about "Unusual Web Spidering Techniques" -
> http://bit.ly/nAUf9X - I thought it would be useful to post the link
> in this list, as it might give some ideas to improuve section
> OWASP-IG-001 (https://www.owasp.org/index.php/Testing:_Spiders,_Robots,_and_Crawlers_%28OWASP-IG-001%29
> ) in the next OWASP Testing Guide v4.
>
> Feedback, as usual, is more than welcome.
>
> Cheers,
>
> Roberto Suggi Liverani
>
> Blog: http://malerisch.net
> Twitter: https://twitter.com/#!/malerisch
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>



-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh


More information about the Owasp-testing mailing list