A fingerprint is a group of information that can be used to detect software, network protocols, operating systems, or hardware devices. Fingerprinting (also known as Footprinting) is the art of using that information to correlate data sets to identify network services, operating system number and version, software applications, databases, configurations and more.
Fingerprinting (or Footprinting) a target’s web presence is often an attacker’s first step in planning an attack. The purpose is to accumulate as much information as possible, including the target’s platform, application software technology, backend database version, configurations, and possibly even the network’s architecture/topology. Multitier fingerprinting is similar to its predecessor, TCP/IP Fingerprinting (with the use of a scanner such as Nmap), except that it is focused on the Application Layer of the OSI model instead of the Transport Layer. Based on the information an attacker can glean from Fingerprinting/Footprinting exercises, they can develop an accurate attack scenario to exploit vulnerabilities in applications and systems being used by the target.
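From the defender's side, the application-layer details described above can be audited in your own HTTP responses before anyone else reads them. The sketch below is an added example, not part of the original page; the header list, the cookie-name map and both sample responses are assumptions constructed for illustration.

```python
import re

# Headers that commonly name the serving stack (list chosen for this example).
BANNER_HEADERS = {"server", "x-powered-by", "x-generator"}
# Default session cookie names that identify a platform even with banners removed.
SESSION_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                   "ASP.NET_SessionId": "ASP.NET"}
# Product token followed by a dotted version, e.g. "Apache/2.4.41".
VERSION_RE = re.compile(r"([A-Za-z][\w.\-]*)[/ ]v?(\d+(?:\.\d+)+)")

def parse_headers(raw):
    """Return lower-cased (name, value) pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_disclosure(raw):
    """Return (header, product, version) for each detail the response gives away."""
    findings = []
    for name, value in parse_headers(raw):
        if name in BANNER_HEADERS:
            hits = VERSION_RE.findall(value)
            if hits:
                findings += [(name, product, version) for product, version in hits]
            else:
                findings.append((name, value, None))  # product named, no version
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in SESSION_COOKIES:
                findings.append((name, SESSION_COOKIES[cookie], None))
    return findings

# Constructed sample responses (not captured from any real host).
VERBOSE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
           "X-Powered-By: PHP/7.4.3\r\nSet-Cookie: PHPSESSID=abc123; path=/\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\nServer: nginx\r\n"
            "Set-Cookie: sid=abc123; path=/\r\nContent-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_disclosure(raw))
```

The hardened sample still names its server product, which shows that trimming version strings reduces the fingerprint without eliminating it.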