[Owasp-testing] Blackbox and Greybox Testing of <META> Tag

rick.mitchell at bell.ca rick.mitchell at bell.ca
Fri Aug 23 13:18:38 UTC 2013

I think we need to be careful in how we frame titles etc related to <META> so that we're not implying that it only covers spidering/indexing related info/controls. <META> Also leaks information like technologies in use, also facilitates redirects, etc.


-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Christian Heinrich
Sent: August 22, 2013 9:35 PM
To: Andrew Muller
Cc: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Blackbox and Greybox Testing of <META> Tag


On Thu, Aug 22, 2013 at 10:29 PM, Andrew Muller <andrew at ionize.com.au> wrote:
> I've put testing of Meta tags in
> https://www.owasp.org/index.php/Testing_Review_webpage_comments_and_metadata%28OWASP-IG-007%29

Should we split this into four "INFO" tests all related to spidering then i.e.:
1. http://www.robotstxt.org/meta.html
2. robots.txt in webroot
3. SEO related <META> Tags i.e.
4. HTML Comments i.e. <!-- ... //-->

Christian Heinrich

Owasp-testing mailing list
Owasp-testing at lists.owasp.org

More information about the Owasp-testing mailing list