Search engines doing really great job in indexing content. Of course everyone wants to be at the top of the search results. But sometimes it can lead to security issues. In this short article we will give a few examples and describe how you can fix the indexing problem.
Note: This information is provided for educational purposes. The author is not responsible for your actions.
Examples
1) The query below is made in an attempt to find the git directory
intitle:”index of” “/.git/config” “2022”
2) The query below is made in an attempt to find a Netsparker security scanning report
intitle:”netsparker scan report” ext:pdf
More examples can be found here: https://www.exploit-db.com/google-hacking-database
How to fix it?
You may play with Google to check what is indexed in your case. Usually, you need to remove indexing for at least two subdomains(APP and API).
- No pages for API (https://api.example.com) and APP(https://app.example.com) should be indexed. Add the following route for /robots.txt:
User-agent: *
Disallow: /
2. For the React HTML template add the following:
<meta name=”robots” content=”noindex” />
3. Submit a search index removal to google for any routes that have been indexed
Read more
Implementing Application Security on your project
DevSecOps — What Security Controls exist and when to implement them?
iOS Apps Security scanners practical comparison
Follow me and stay secure!
