Strategy: Using Google to Find Vulnerabilities

Mar 05, 2012


Using Google to Find Vulnerabilities In Your IT Environment

Google, Bing and other major search engines have made it easy to find all manner of information, including everything from exposed password files to SQL injection points. This led to the emergence of Google hacking, a technique used to identify and then exploit system and data vulnerabilities.

Google hacking’s popularity waned in the last few years, due in large part to Google shutting down the Google SOAP API. However, with aggressive R&D efforts fueled by innovative thinking, as well as significantly more data available on the Web and stored in the cloud, Google hacking is on the rise again. While this gives IT security professionals yet another battle to fight, the good news is that they can leverage the very tools and techniques hackers use to identify and fix any vulnerabilities their companies may have. In other words, they can Google themselves to find security problems before the bad guys do.

In this report we will examine a slew of new tools and techniques that will allow security professionals to leverage Google, Bing, Baidu and other open search interfaces to proactively track down and eliminate sensitive information disclosures and vulnerabilities in public systems. We will also take a look at defensive tools designed to pull thousands of real-time RSS updates from search engines to provide users with alerts, a sort of intrusion detection system (IDS) for Google hacking. Malicious hackers have already embraced search engine hacking as an effective way to target and exploit vulnerabilities on a massive scale. It is imperative that security professionals learn to take equal advantage of these techniques to help safeguard their organizations. (S4440312)

Research Report