Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using a search engine. The GHDB (Google Hacking Database) is a database of queries that identify sensitive data. Although Google blocks some of the better-known Google hacking queries, nothing stops a hacker from crawling the site and launching the GHDB queries directly against the crawled content. The Google Hacking Database identifies the following information:
- It identifies advisories and server vulnerabilities.
- It identifies error messages that contain too much information.
- It identifies files that contain passwords, and sensitive directories.
- It also identifies pages that contain logon portals.

The easiest way to check whether your website and applications have Google hacking vulnerabilities is to use a web vulnerability scanner. A web vulnerability scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries.
Preventing Google hacking
First, verify all the pages identified by the Google hacking queries. Remove such pages from the site, since they generally provide information that should not be found on your website. If these pages are required by the site, arrange the page so that it is not indexed by search engines, and arrange the wording so that it is not easily detected by Google hacking queries.
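The following is an added example, not part of the original article: a self-audit over pages crawled from your own site that flags pages falling into the categories listed above and reports whether each one is already excluded from indexing. The patterns, function names and sample pages are constructed for illustration and are not actual GHDB entries.

```python
import re

# Constructed patterns, one per category the article lists (not real GHDB entries).
CATEGORIES = {
    "directory listing": re.compile(r"<title>\s*Index of /", re.I),
    "verbose error": re.compile(
        r"Traceback \(most recent call last\)|You have an error in your SQL syntax", re.I),
    "login portal": re.compile(r"<input[^>]+type=[\"']?password", re.I),
}
# Simplification: only matches a robots meta tag written with name before content.
META_ROBOTS = re.compile(
    r"<meta[^>]+name=[\"']robots[\"'][^>]*content=[\"']([^\"']*)[\"']", re.I)

def directives(value):
    """Split a robots directive string such as 'noindex, nofollow' into a set."""
    return {d.strip().lower() for d in value.split(",")}

def is_noindex(headers, body):
    """True if the page opts out of indexing via X-Robots-Tag or a robots meta tag."""
    header = next((v for k, v in headers.items() if k.lower() == "x-robots-tag"), "")
    meta = META_ROBOTS.search(body)
    found = directives(header) | directives(meta.group(1) if meta else "")
    return bool(found & {"noindex", "none"})  # "none" means noindex, nofollow

def audit(pages):
    """Return (url, category, indexable) for every page that matches a category."""
    findings = []
    for url, (headers, body) in pages.items():
        for name, pattern in CATEGORIES.items():
            if pattern.search(body):
                findings.append((url, name, not is_noindex(headers, body)))
    return findings

# Constructed sample crawl of your own site: url -> (response headers, body).
SAMPLE_PAGES = {
    "/backup/": ({}, "<html><title>Index of /backup</title></html>"),
    "/admin/login": ({"X-Robots-Tag": "noindex, nofollow"},
                     '<form><input type="password" name="p"></form>'),
    "/report": ({}, '<meta name="robots" content="noindex">'
                    "<pre>Traceback (most recent call last):</pre>"),
    "/about": ({}, "<html><title>About us</title></html>"),
}

if __name__ == "__main__":
    for url, category, indexable in audit(SAMPLE_PAGES):
        status = "INDEXABLE: remove or mark noindex" if indexable else "noindex"
        print(f"{url:15} {category:18} {status}")
```

Pages reported as indexable are the ones to remove or, if the site needs them, to exclude from indexing as described above.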
Authentication plays an important role in the security of a web application. When a user logs in to a web application, he provides a user name and password to authenticate and prove his identity; once these are approved, the application assigns the user specific privileges on the system. HTTP can include the following different types of authentication protocol:
- The user name and password are sent in the clear and are not stored automatically.
- Like the basic scheme, but using a digest, so passwords are scrambled.
- A custom form is used to input the username and password, which are processed using custom logic on the backend.
- A Microsoft authentication protocol, implemented within HTTP request or response headers.
What an Attacker Can Do if the Site Is Vulnerable
- When a hacker convinces the application that he is a known and valid user, the attacker gains access to whatever privileges the administrator assigned to that user.
- If the attacker gains access as a normal user, then he may be able to access the database as a limited user.
- If the attacker gains access as a user with global access on the system, then he would have almost total control of the application together with its.
SiConsult SecurView Professional Security Services provides enterprise-wide assessments, design and deployment services to build a secure and resilient IT infrastructure