Sitedigger shines light on exposed corporate data

By Steve Malone

Posted on 11 Jan 2005 at 10:38

While most companies are only too happy to have their websites indexed by the likes of Google and have the pages appear on the results pages of the major search engines, sometimes the process can go a bit too far.

Sometimes web pages containing sensitive company information intended for the eyes of employees or partners only, is accidentally spidered by a search engine bot and appears for all the world to see. Google's cacheing technology then makes it difficult to remove.

Sitedigger 2.0 from Foundstone Professional Services, a subsidiary of security specialist McAfee, works with Google's indexes to uncover all the hidden vulnerabilities and unintentional exposures of information held on corporate web servers.

'While companies have become increasingly vigilant about guarding their corporate networks from break-ins, they also need to be able to account for potential human errors with information inadvertently made visible on the Internet,' said Mark Curphey, Director of Consulting for Foundstone Professional Services.

The tool covers seven potential areas of vulnerability such as privacy, back-up files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities, and technology profile. The tool provides signature update functionality and a dynamic graphical user interface.

Sitedigger is available as a free download from the Foundstone website.