Step 1: Identify what could be Google hacked

Most Websites of any size at all contain both public data and private data, but we're not worried about public data. The concern is the private data that is stored on a hidden backend page or in a backend database and is not intended to be seen by the public. For example, most often, the really dangerous private data consists of information about customers who have placed orders over the company's Web site, like addresses or credit card numbers. But the concept of private data extends beyond a virtual storefront, your site's private data is anything that resides on your Web site or that is connected to your Web site (through a backend application) that you do not wish to be disclosed to the public.

You need to make a determination as to what on your Web site might be considered private. For the sake of example, I will assume that your site contains an online ordering system and that your customer information needs to remain private. I will therefore focus the rest

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Windows security tools Using System Center Essentials as a patch management tool Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Four Internet Explorer 8 group policy security settings Microsoft Stirling security console delayed for more integration Why should Windows shops use Microsoft Baseline Security Analyzer? Using Sysinternals tools in security management scenarios Sysinternals tools: A must-have for every Windows security toolbox Windows security tools roundup Top Windows client security tools for end users Microsoft Internet Explorer management Four Internet Explorer 8 group policy security settings Safe enterprise Web browsing: Five tips in five minutes Top client security tips of 2006 Phishing filter: Step 2 General security configuration: Step 1 Windows Vista and IE7: Step 5 ActiveX opt-ins, information bar and cross-domain protection: Step 4 Protection against international domain names, URL handling: Step 3 IE8 brings focus to cross-browser compatibility and Web standards Cross-site Scripting 102: How to defend against cross-site scripting

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ActiveX  (SearchEnterpriseDesktop.com) ActiveX control  (SearchEnterpriseDesktop.com) Internet Explorer  (SearchEnterpriseDesktop.com) Internet Explorer Administration Kit  (SearchEnterpriseDesktop.com) tabbed browsing  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

of this article around sniffing out and protecting customer information. If your site has some other type of private information that needs to be protected, then you can adapt these same techniques to your own individual situation.

If customer information is what you want to protect, then you need to have some specific information on hand that you can search for. I recommend going through your customer database and pulling out a few names, phone numbers, addresses etc. See my previous article on Google hack Honeypots for how to search credit card number ranges.

I recommend using data from older orders if possible because Google does not index Web sites in real time, and if your site does contain a design flaw, Google may not have indexed the data from newer orders yet. You will never find the problem if you are searching for data that hasn't been indexed.

[TABLE]