Wednesday, May 30, 2007

Preventing Google Hacking: Steps to protect your web application / SPI Labs, May 2007
"The nature of web sites and applications is to be publicly accessible. When combined with search engine functionality, it makes it easy for regular users and strangers alike to access your site or find out information about your organisation. This also comes with a price. When a search engine “indexes” a site, it is also inadvertently providing a treasure trove of information for potential attackers. Directory listings, error pages, hidden login pages…all of these can be indexed, and even cached, via search engines. However, there are some tactics security professionals can employ before Google, or anyone else, has a chance to see the site that can greatly improve its security posture, and also some methods of recourse which can be taken if your application has already been indexed by search engines. The aim of this white paper is to describe how a hacker utilizes search engine information to exploit vulnerabilities within a web application, detail how to test and find such vulnerabilities first, and list what to do if your application has already been indexed by search engines."