Security Advisories

Trustwave Press Releases

« SpiderLabs Radio December 7, 2012 w/ Space Rogue | Main | How to Hack and Not Get Caught »

08 December 2012


I notice numerous requests for favicons in my server logs. Many of these have empty user agents and blank referrers and show no request for any other addresses.

Out of curiosity, what do pen testers learn by requesting the favicon that they would not otherwise learn?

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment