Sub-Domain Takeovers — How Can Companies Better Secure Their Assets? Part 1

What are Sub-Domains?

For those of you who may not know what a sub-domain is, here's a brief description in my own words.

Sub-domains are children of a parent domain or top-level domain (TLD). For example, https://example.com may have sub-domains with the following URLs: http://devlopment.server.example.com and http://staging.server.example.com.


Why do Sub-Domains exist?

There are several reasons why sub-domains are used. Here are some of the main reasons I have come across during my research.

  • CNAME (Canonical Name Record) — pointing to a third-party service such as WordPress, Pantheon, or GitHub Pages.
  • Hosting static resources — such as images, files, and other data that may not necessarily need to be hosted on a company’s internal servers. Services used for this include Amazon Web Services (AWS), Microsoft’s Azure, Google Cloud Engine, and Content Delivery Networks (CDNs).
  • Development and Staging Environments — creating sub-domains that point to servers that aren’t meant to be public or discovered by end-users or web crawlers.
  • API endpoint integrations — creating sub-domains that point to an API endpoint that is meant to serve RESTful data to and from applications.