still present within the live application, and that can be used to attack it

A further public source of useful information about the target application is

any posts that developers and others have made to Internet forums. There are

numerous such forums in which software designers and programmers ask

and answer technical questions. Often, items posted to these forums will con-

tain information about an application that is of direct benefit to an attacker,

including the technologies in use, the functionality implemented, problems

encountered during development, known security bugs, configuration and

log files submitted to assist troubleshooting, and even extracts of source code.

HACK STEPS

■