Company Homepage

Company Homepage
The company’s website may not yield any sensitive information when
viewed through a browser, however, if the HTML source code is
viewed more may be derived. It is possible to read through all the
HTML code manually, hoping to find useful information or to use a tool
written specifically for the task. An example of such a tool is Sam
Spade, found on its home page, www.samspade.org. The
downloadable executable is compiled to run on a Windows operating
system though there is also a reduced functionality web-based version
that can be accessed by any Internet client.
Information Hidden in HTML
Potentially, any amount of information can be located in the source
code for a website. It could be as simple as a comment placed in the
code by the author or auto generated comments and code that identify
the software package used to create or serve the website. The following
list identifies typical information found:
• E-mail addresses for key staff within the target company or the
website author(s).
• Usernames for key staff or author(s).
• Passwords for any of the above.
• The software package used to create the website.
• The software that the web server is running.
• The location of CGI scripts and other significant files on the server.
• Authentication details for communications between this and other
servers.
• Other servers that mirror this website.