Google Hacking for Penetration Testers

There is no doubt that the advent of the Internet (more specifically, the World Wide Web) has sparked a revolution in how we share information as families, businesses, and world citizens. Perhaps the most important technological invention since the printing press, this single communication medium holds tomes of information on practically any subject, although that in itself is its largest weakness. There are now over 54 million sites on the Web [1], and search engines are critical to users for finding valuable information on these sites.
Simple Nomad first documented search engine hacking in late 1997 and published a series of papers on how to use his favorite search engine of the time (AltaVista). Although the search engines used have changed, using them to find vulnerabilities in Web sites is still a novel approach, for "Google crawls all": both the good and the bad. If you can form a query for a particular vulnerability, the chances are that Google can find it. With a little understanding of Web application security, however, you will realize that vulnerabilities in sites go beyond even what can be discovered with a search engine. In this appendix we discuss the basics of these vulnerabilities.
[1] As reported by Netcraft.com in the September 2004 Web Server Survey, http://news.netcraft.com/archives/web_server_survey.html.