Application Security Terminology



Fingerprinting (or Footprinting) a target’s web presence is often an attacker’s first step in planning an attack. The purpose is to accumulate as much information as possible, including the target’s platform, application software technology, backend database version, configurations, and possibly even the network architecture/topology.

Multitier fingerprinting is similar to its predecessor, TCP/IP Fingerprinting (with a scanner such as Nmap), except that it is focused on the Application Layer of the OSI model instead of the Transport Layer. Based on the information gleaned from Fingerprinting/Footprinting exercises, the attacker can develop an accurate attack scenario to exploit vulnerabilities in applications and systems being used by the target.