Skip to content
  • There are no suggestions because the search field is empty.

How do I make sure I assess all relevant web applications?

Cybercriminals often focus on secondary or less visible web applications rather than the main website, as these are more likely to contain vulnerabilities. Identifying all web applications associated with your organization is an important step before starting web application assessments.

Tip 1: Use Google to list your web applications

You can use Google Search to discover additional web applications hosted on subdomains.

  1. Go to www.google.com (external website).

  2. Use the following search query, replacing yourbusiness.com with your own domain:

    site:yourbusiness.com -www

  3. Review the results to identify subdomains that host web applications.

Example:

site:holmsecurity.com -www

This search returns web applications hosted on subdomains while excluding the main www site.

Tip 2: Try different top‑level domains (TLDs)

Repeat the same search using different TLDs that your organization may own, such as:

  • .info

  • .net

  • .org

This can help uncover additional web applications that may otherwise be overlooked.