Information Leakage Through HTML
Information leakage through HTML is a subtle
issue. You can never pinpoint whether a particular piece of information
displayed in the HTML source is dangerous simply by looking at it. A hacker has
to take into account the big picture. Because he never knows what the missing
pieces are until almost the very end of the puzzle, information derived from
source sifting may not be relevant until the other pieces of the puzzle are put
in place. The attack on acme-art.com, as discussed in the part opener Case
Study, was successful only because the hacker was able to piece together
information from HTML comments and hidden fields within forms.
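As an added example (not from the book or the acme-art.com case study), here is a pre-release check a site owner could run over their own pages to list the two leak sources named above, HTML comments and hidden form fields. The sample page and the names `LeakAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not taken from acme-art.com or the book).
SAMPLE_HTML = """<html><body>
<!-- TODO: remove test login before launch -->
<form action="/order" method="post">
  <input type="hidden" name="price" value="49.99">
  <input type="HIDDEN" name="template" value="/forms/order.tpl">
  <input type="text" name="qty">
</form>
<!--   -->
</body></html>"""


class LeakAudit(HTMLParser):
    """Collects HTML comments and hidden form fields with their line numbers."""

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, kind, detail)

    def handle_comment(self, data):
        text = " ".join(data.split())  # collapse whitespace and newlines
        if text:  # skip empty or whitespace-only comments
            self.findings.append((self.getpos()[0], "comment", text))

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; attribute values do not.
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            detail = f"{a.get('name')}={a.get('value')}"
            self.findings.append((self.getpos()[0], "hidden-field", detail))


def audit(html):
    """Return every comment and hidden field found in the given HTML text."""
    parser = LeakAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE_HTML):
        print(f"line {line}: {kind}: {detail}")
```

Each finding still needs a human decision: a comment or hidden value is only a problem when it reveals something the client should not know or be able to change.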
In this chapter, we discuss the common
sources of information leakage and what can be done to prevent them. Before we
take a look at the fine art of gathering clues, let's quickly review how to use
the tools we need for our tasks: the browsers.