OSINT gathering

- [Instructor] If you've already deployed to production, chances are attackers can gather information about your application using open source intelligence or OSINT gathering techniques. But what exactly can they do with that information? In order to answer that question, it helps to understand what OSINT actually is. Open source intelligence, or OSINT gathering, has its roots in the government space, particularly the military. Military organizations look for each and every advantage they can have over their opponents and the advantage of intelligence can help win battles against superior forces. When it comes to protecting your web applications, you should absolutely spend time collecting OSINT on those apps in order to better understand what information is available to a potential attacker. If your non-production systems live inside your network or your cloud environment, then there shouldn't be much OSINT available…
