[Owasp-testing] Blackbox and Greybox Testing of <META> Tag

Christian Heinrich christian.heinrich at cmlh.id.au
Thu Aug 22 09:20:49 UTC 2013


I when through my notes from 2009 today (Thursday) to resolve why the
<META> Tag section was not included in the OWASP Testing Guide v3.

The reason was there was a much higher chance of
robots/spiders/crawlers ignoring <META> Tag(s) then that of ignoring
the robots.txt in webroot.

Hence robots.txt in webroot is the preferred recommendation with
<META> Tag(s) listed as a secondary recommendation.

I guess the question I am trying to ask is should we now include
<META> Tag(s) in "Review Webserver Metafiles for Information Leakage"?

On Fri, Aug 16, 2013 at 6:01 AM, rick.mitchell at bell.ca
<rick.mitchell at bell.ca> wrote:
> Hi Christian, those comments were from me while v3 was still in draft. It seems they've been copied over from v3 as part of the v4 spin up.
> I've replied further on the INFO-001 talk page. I'll get to INFO-003 shortly.

Christian Heinrich


More information about the Owasp-testing mailing list