Penetration testers, as well as black hat hackers, look for vulnerabilities in websites. Both groups use the same processes and automated tools to achieve very different goals.
They are like clever thieves looking for points of entry, except that digital spying isn’t carried out by people. It’s done by launching reconnaissance missions, using “hacker tools” to gather valuable intel, fast.
OWASP calls this ‘vulnerability identification’. Fingerprinting and Footprinting are like casing the joint. Vulnerability Scanning identifies the point of entry.
Fingerprinting checks the foundation of a site. What server and software are running? Automated tools, also known as bots, identify the nuts and bolts of the website. Then Footprinting takes an inventory of the entire attack surface of the web application, looking at everything, analyzing pages, directory names, APIs, URL paths, and all other resources.
Now that the attacker understands the structure and technology used on the website, it can move on to the third wave of reconnaissance: a vulnerability scan. Every resource, URL, and file is systematically examined to find penetrable points of attack.
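From the defender's side, footprinting and scanning leave a recognizable trace in the access log: one client requesting many distinct paths, most of which do not exist. The following is an added example, not code from this page or from Distil Networks; the log format (combined), the thresholds and the sample traffic are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def flag_enumerators(lines, min_paths=5, min_miss_ratio=0.6):
    """Return {client_ip: (distinct_paths, miss_ratio)} for clients whose
    traffic looks like automated path enumeration rather than browsing.
    Thresholds are illustrative assumptions; tune them to your own site."""
    paths = defaultdict(set)     # ip -> distinct paths requested
    hits = defaultdict(int)      # ip -> total requests
    misses = defaultdict(int)    # ip -> requests answered 403/404
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue             # skip lines not in combined log format
        ip, _method, target, status = m.groups()
        paths[ip].add(target.split("?", 1)[0])   # ignore query strings
        hits[ip] += 1
        if status in ("403", "404"):
            misses[ip] += 1
    flagged = {}
    for ip, seen in paths.items():
        ratio = misses[ip] / hits[ip]
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

# Constructed sample traffic (documentation IP ranges), not real logs.
_FMT = '{} - - [10/Oct/2023:13:55:00 +0000] "GET {} HTTP/1.1" {} 512 "-" "-"'
SAMPLE = [_FMT.format(ip, path, status) for ip, path, status in [
    ("198.51.100.20", "/", 200), ("198.51.100.20", "/products", 200),
    ("198.51.100.20", "/favicon.ico", 404), ("198.51.100.20", "/cart", 200),
    ("203.0.113.7", "/", 200), ("203.0.113.7", "/admin/", 404),
    ("203.0.113.7", "/backup/", 404), ("203.0.113.7", "/api/v1/users", 403),
    ("203.0.113.7", "/test/", 404), ("203.0.113.7", "/old/", 404),
]]

if __name__ == "__main__":
    for ip, (n, ratio) in flag_enumerators(SAMPLE).items():
        print(f"{ip}: {n} distinct paths, {ratio:.0%} answered 403/404")
```

A single broken link or missing favicon does not trip the check, because both the number of distinct paths and the share of 403/404 answers must exceed their thresholds.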
Ready for the good news? Distil Networks knows who’s human and who’s not on your website and identifies automated vulnerability scanning tools used by hackers. We block every OWASP Automated Threat.