OWASP Automated Threats Explained - Fingerprinting, Footprinting, and Vulnerability Scanning

August 10, 2017

Penetration testers, as well as black hat hackers, look for vulnerabilities in websites. Both groups use the same processes and automated tools to achieve very different goals. 

Like clever thieves, attackers look for points of entry, except that digital spying isn’t carried out by people. It’s done by launching reconnaissance missions, using “hacker tools” to gather valuable intel, fast.

OWASP calls this ‘vulnerability identification’. Fingerprinting and Footprinting are like casing the joint. Vulnerability Scanning identifies the point of entry.

Fingerprinting checks the foundation of a site. What server and software are running? Automated tools, also known as bots, identify the nuts and bolts of the website. Then Footprinting takes an inventory of the entire attack surface of the web application, analyzing pages, directory names, APIs, URL paths, and all other resources.

Now that the attacker understands the structure and technology used on the website, they can move on to the third wave of reconnaissance - a vulnerability scan. Every resource, URL, and file is systematically examined to find penetrable points of attack.
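
To see what these three waves can look like from the defender's side, here is an added example (not from Distil Networks or OWASP) that tags clients in a web access log by the reconnaissance phase their requests resemble. The log lines are constructed, and the heuristics are assumptions for illustration: HEAD/OPTIONS requests stand in for fingerprinting, broad path enumeration with many 404s for footprinting, and tampered input for vulnerability scanning.

```python
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines: client method target status (not real traffic).
SAMPLE_LOG = """\
198.51.100.4 GET /index.html 200
198.51.100.4 GET /products?id=12 200
203.0.113.7 HEAD / 200
203.0.113.7 OPTIONS / 200
203.0.113.7 GET /admin/ 404
203.0.113.7 GET /backup/ 404
203.0.113.7 GET /api/v1/ 200
203.0.113.7 GET /old/ 404
203.0.113.7 GET /test/ 404
203.0.113.7 GET /products?id=12%27 500
203.0.113.7 GET /download?file=..%2F..%2Fconfig.ini 400
"""

# Assumed heuristics, chosen for illustration; tune them against real traffic.
PROBE_MARKERS = ("'", "../", "<script")  # tampered input typical of scanner requests
MIN_PATHS, MIN_404_RATIO = 5, 0.4        # footprinting: broad enumeration, many misses

def classify_clients(log_text):
    """Return {client_ip: set of reconnaissance phases its requests resemble}."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "404": 0, "phases": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ip, method, target, status = parts
        s = stats[ip]
        s["total"] += 1
        s["paths"].add(target.split("?", 1)[0])
        s["404"] += status == "404"
        if method in ("HEAD", "OPTIONS"):
            s["phases"].add("fingerprinting")
        # Decode percent-encoding first so encoded probes are not missed.
        if any(m in unquote(target).lower() for m in PROBE_MARKERS):
            s["phases"].add("vulnerability scanning")
    for s in stats.values():
        if len(s["paths"]) >= MIN_PATHS and s["404"] / s["total"] >= MIN_404_RATIO:
            s["phases"].add("footprinting")
    return {ip: s["phases"] for ip, s in stats.items()}

if __name__ == "__main__":
    for ip, phases in classify_clients(SAMPLE_LOG).items():
        print(ip, sorted(phases) or "no recon pattern")
```

A client that shows all three phases in sequence is a much stronger signal than any single heuristic, each of which will also match some legitimate traffic.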

Ready for the good news? Distil Networks knows who’s human and who’s not on your website and identifies automated vulnerability scanning tools used by hackers. We block every OWASP Automated Threat.
