Details | |
---|---|
Alert ID | 90028 |
Alert Type | Active |
Status | beta |
Risk | Medium |
CWE | 200 |
WASC | 45 |
Technologies Targeted | All |
Tags |
OWASP_2017_A06 OWASP_2021_A05 POLICY_DEV_FULL POLICY_QA_FULL WSTG-V42-CONF-06 |
More Info |
Scan Rule Help |
Summary
The most common methodology for attackers is to first footprint the target’s web presence and enumerate as much information as possible. With this information, the attacker may develop an accurate attack scenario, which will effectively exploit a vulnerability in the software type/version being utilized by the target host.
Multi-tier fingerprinting is similar to its predecessor, TCP/IP Fingerprinting (with a scanner such as Nmap) except that it is focused on the Application Layer of the OSI model instead of the Transport Layer. The theory behind this fingerprinting is to create an accurate profile of the target’s platform, web application software technology, backend database version, configurations and possibly even their network architecture/topology.