PASSIVE ENUMERATION IN WEB APPLICATION SECURITY
In an age where websites need to be properly secured in order for them to avoid being a part of a major breach, Reconnaissance plays an important role in both attacking as well as defending a website. Everyone want to defend and secure assets as much as possible to avoid a possible cyber-attack on our organization.
The “reconnaissance” phase is the first phase of an attack. The main aim of research is to study the organization or an asset to defend which is also known as target and find out as much information about it as possible. From the most common details to the smallest ones, the study is required to note down every possible thing about target. This information will help to map out target and possibly find flaws in the Business structure or infrastructure.
This paper studies different passive techniques available for a pen tester or internal security team of an organization to map out the public facing assets or endpoints of the target application. The first step an Attacker would perform, when attacking an organization, would be to map out the organization’s entire infrastructure and finding out as much information about their target as possible without engaging actively with the target. This paper tries to cover different techniques an attacker might use to find sensitive information about the target which is usually available publicly. These techniques are well known in the Information Security field and would try to help the defenders to be a step ahead of the attackers