[Owasp-testing] Blackbox and Greybox Testing of <META> Tag

Andrew Muller andrew at ionize.com.au
Thu Aug 22 12:29:58 UTC 2013

Hi Christian/Rick, 
just getting around to responding to testing list threads :) 

I've put testing of Meta tags in https://www.owasp.org/index.php/Testing_Review_webpage_comments_and_metadata%28OWASP-IG-007%29 


----- Original Message -----

From: "Christian Heinrich" <christian.heinrich at cmlh.id.au> 
To: "rick mitchell" <rick.mitchell at bell.ca> 
Cc: owasp-testing at lists.owasp.org 
Sent: Thursday, 22 August, 2013 7:20:49 PM 
Subject: [Owasp-testing] Blackbox and Greybox Testing of <META> Tag 


I when through my notes from 2009 today (Thursday) to resolve why the 
<META> Tag section was not included in the OWASP Testing Guide v3. 

The reason was there was a much higher chance of 
robots/spiders/crawlers ignoring <META> Tag(s) then that of ignoring 
the robots.txt in webroot. 

Hence robots.txt in webroot is the preferred recommendation with 
<META> Tag(s) listed as a secondary recommendation. 

I guess the question I am trying to ask is should we now include 
<META> Tag(s) in "Review Webserver Metafiles for Information Leakage"? 

On Fri, Aug 16, 2013 at 6:01 AM, rick.mitchell at bell.ca 
<rick.mitchell at bell.ca> wrote: 
> Hi Christian, those comments were from me while v3 was still in draft. It seems they've been copied over from v3 as part of the v4 spin up. 
> I've replied further on the INFO-001 talk page. I'll get to INFO-003 shortly. 

Christian Heinrich 

Owasp-testing mailing list 
Owasp-testing at lists.owasp.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20130822/52f86efb/attachment.html>

More information about the Owasp-testing mailing list