June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Passive information gathering – reconnaissance – OSINT
In the first step before the penetration testing starts, you will need to passively collect the information about the company in scope. To accomplish this task, you will use the web, along with some automated tools that call the web at the backend as well. This phase is also called the collection of Open Source Intelligence (OSINT). OSINT refers to the information collected from the internet. Another name for this phase used by security professionals is reconnaissance. To be honest, they all refer to the same task, but you need to be aware of the different names used to describe this stage.
If your target (whether it's your client's target or that of the organisation for which you work) ...