Fingerprinting is an information-gathering technique that enables threat actors to profile and subsequently attack an application. The relevant data is acquired from the names and values specified in the HTTP header, that ultimately differentiate and profile an application.
Fingerprinting assesses the foundation of a site to determine characteristics such as, what server and software are running. Automated bots are often programmed to acquire this information and will also seek:
- URL path case sensitivity
- URL path patterns
- Error messages
It’s worth noting that while fingerprinting assesses an application’s important components, it is a less detailed analysis of an application’s working parts than footprinting.