Google hacking

What is Google hacking?
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.

The Google Hacking Database is located at http://johnny.ihackstuff.com. More information about Google hacking can be found on: http://www.informit.com/articles/article.asp?p=170880&rl=1.

What a hacker can do if your site is vulnerable
Information that the Google Hacking Database identifies:

  • Advisories and server vulnerabilities
  • Error messages that contain too much information
  • Files containing passwords
  • Sensitive directories
  • Pages containing logon portals
  • Pages containing network or vulnerability data such as firewall logs.

How to check for Google hacking vulnerabilities
The easiest way to check whether your web site & applications have Google hacking vulnerabilities, is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: Your web vulnerability scanner must be able to launch Google hacking queries).

The Acunetix Web Vulnerability Scanner scans for SQL injection, Cross site scripting and many more vulnerabilities. For more information & a trial download click here.

Preventing Google hacking attacks
Remove all pages identified by Google hacking queries

Check if your website is vulnerable to attack with Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Take a product tour or download the evaluation version today!

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition!
 To check whether your website has cross site scripting vulnerabilities, download the Free Edition from http://www.acunetix.com/cross-site-scripting/scanner.htm. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site).

Articles on Web Security

Keeping Web Hacking at bay with Acunetix - How to avoid a Hacker Attack on your website
Cross Site Scripting - XSS - The Underestimated Exploit
Microsoft UK Events Website Hacked
The JavaScript Engine of Acunetix WVS
PCI Compliance (Payment Card Industry Data Security Standard)
Web Applications: What are they? What of them?
The True Nature of Web Application Security: The Role and Function of Black Box Scanners
Web hacking: An underestimated threat
Ajax security: Are AJAX applications vulnerable to hack attacks?
PHP / SQL Security - Part 6

More Articles

White Papers on Web Security

Why File Upload Forms are a major security threat
Finding the right web application scanner; why black box scanning is not enough
The Payment Card Industry Compliance - Securing both Merchant and Customer data.
Web Services - The Technology and its Security Concerns
Are AJAX Applications Vulnerable to Hack Attacks? The importance of Securing AJAX Web Applications
Auditing Your Web Site Security with Acunetix Web Vulnerability Scanner
The Importance of Web Application Scanning
SQL & PHP Security by Andrew J. Bennieston

More White Papers