Web Application Security Testing with Google Hacking

Sensitive data from web applications can be indexed by Google and then it becomes publicly exposed to everyone on the Internet. In this course, you’ll learn about different types of sensitive data that can be indexed by Google. What’s more – you’ll learn about the technique known as Google Hacking and you’ll see how Google Hacking can be used by ethical hackers and professional penetration testers for finding security weaknesses in web applications.

First, I’ll present how you can use Google Hacking to find directory listings and SQL syntax errors. After that, I’ll demonstrate how you can find publicly exposed backup files and internal server errors by means of Google Hacking. Next, I’ll show you how you can use Google Hacking to find sensitive data in URLs and insecure HTTP web pages. Then, I’ll explain to you what Google Hacking Database is and I’ll tell you about a critical vulnerability in Microsoft Yammer Social Network that allowed the attacker to gain unauthorized access to users’ accounts by means of Google Hacking. Finally, I’ll tell you how to prevent Google indexing from happening.

What you’ll see primarily in this course are demos and real-world scenarios, because I want you to make the most of this course and apply this knowledge in your own penetration testing projects. I hope this sounds good to you and I can’t wait to see you in the class.