Chapter 7. Information Disclosure

Information disclosure is one of the most abundant threats to an application and often the most overlooked. In short, information disclosure bugs give too much information to individuals who are not supposed to be able to obtain it. Some bugs are obvious, such as user credentials stored in clear text where an attacker can read them. Others are less obvious, such as extra data that can be read only by viewing the file in a binary editor.

Problems with Information Disclosure

Although threat models and data flow diagrams ...

Get Hunting Security Bugs now with the O’Reilly learning platform.