OWASP Automated Threats

Probe and explore the application to identify its constituents and properties.

What is Footprinting?

Information gathering with the objective of learning as much as possible about the composition, configuration and security mechanisms of the application. Unlike Scraping, Footprinting is an enumeration of the application itself, rather than the data. It is used to identify all the URL paths, parameters and values, and process sequences (i.e. to determine entry points, also collectively called the attack surface). As the application is explored, additional paths will be identified which in turn need to be examined.

Footprinting can also include brute-force, dictionary-based and other guessing of file and directory names. Fuzzing may also be used to identify further application resources and capabilities. However, it does not include attempts to exploit weaknesses.

Footprinting is also known by terms such as application analysis, API discovery, application enumeration, automated scanning, CGI scanning, forced browsing, microservice discovery, spidering and WSDL scanning.


The symptoms of Footprinting

  • Increase in system and application error codes, such as HTTP status codes 404 and 503, in the same user session
  • Users that exercise the functionality of the entire application in a manner that diverges from typical user behavior
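
Both symptoms can be checked per session from access logs. The sketch below is an added example, not part of the original page or any vendor's product; the log layout, the session names, the function names and all three thresholds are assumptions to be tuned against real traffic.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified "<session> <method> <url> <status>" layout.
SAMPLE_LOG = """\
s-alice GET /index.html 200
s-alice GET /products?id=7 200
s-alice GET /products?id=9 200
s-alice GET /cart 200
s-alice GET /favicon.ico 404
s-scan GET /admin/ 404
s-scan GET /backup/ 404
s-scan GET /old/ 404
s-scan GET /test/ 404
s-scan GET /api/v1/users 200
s-scan GET /api/v2/users 404
s-scan GET /service.wsdl 503
s-scan GET /login 200
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
ERROR_STATUSES = {404, 503}  # the status codes the symptom list names

def summarize(log_text):
    """Per-session request count, 404/503 count and set of distinct paths."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        session, _method, url, status = m.groups()
        s = stats[session]
        s["requests"] += 1
        if int(status) in ERROR_STATUSES:
            s["errors"] += 1
        s["paths"].add(url.split("?", 1)[0])  # count paths, not query variants
    return dict(stats)

def flag_sessions(log_text, min_errors=5, min_error_ratio=0.5, min_paths=8):
    """Return {session: [reasons]}; the default thresholds are assumed values."""
    flagged = {}
    for session, s in summarize(log_text).items():
        reasons = []
        # Symptom 1: many 404/503 responses concentrated in one session.
        if s["errors"] >= min_errors and s["errors"] / s["requests"] >= min_error_ratio:
            reasons.append("error-burst")
        # Symptom 2: one session touching an unusually wide set of paths.
        if len(s["paths"]) >= min_paths:
            reasons.append("broad-path-coverage")
        if reasons:
            flagged[session] = reasons
    return flagged
```

Requiring both an absolute error count and an error ratio keeps a normal visitor who hits a single missing resource, such as s-alice above, from being flagged.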


Sectors targeted by Footprinting

  • Education
  • Entertainment
  • Financial
  • Government
  • Health
  • Retail
  • Technology
  • Social Networking


Can InfiSecure prevent Footprinting?

InfiSecure’s advanced bot mitigation solution can prevent footprinting by identifying and restricting automated usage, fingerprinting the user agent and other attack vectors for their unique characteristics.