Deep Web
What is Deep Web?
Deep WebAll web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
The Deep Web is everything reachable over the regular internet that search engines like Google or Bing cannot crawl, typically because pages are behind authentication, paywalls, dynamic queries, or robots.txt exclusions. Examples include online banking dashboards, corporate intranets, medical record portals, and database-backed query results. The Deep Web is overwhelmingly mundane and legitimate and should not be confused with the Dark Web, which is a small subset accessed only through anonymising overlay networks such as Tor. From a security perspective, the deep-web layer is where most sensitive data actually lives, so it is the main target of credential stuffing, broken-access-control bugs, and exposed-API attacks. Defences are conventional: authentication, authorization, segmentation, logging, and attack-surface management.
● Examples
- 01
Your online banking portal after login, not reachable via Google.
- 02
An internal SharePoint site behind corporate SSO.
● Frequently asked questions
What is Deep Web?
All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web. It belongs to the Attacks & Threats category of cybersecurity.
What does Deep Web mean?
All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
How does Deep Web work?
The Deep Web is everything reachable over the regular internet that search engines like Google or Bing cannot crawl, typically because pages are behind authentication, paywalls, dynamic queries, or robots.txt exclusions. Examples include online banking dashboards, corporate intranets, medical record portals, and database-backed query results. The Deep Web is overwhelmingly mundane and legitimate and should not be confused with the Dark Web, which is a small subset accessed only through anonymising overlay networks such as Tor. From a security perspective, the deep-web layer is where most sensitive data actually lives, so it is the main target of credential stuffing, broken-access-control bugs, and exposed-API attacks. Defences are conventional: authentication, authorization, segmentation, logging, and attack-surface management.
How do you defend against Deep Web?
Defences for Deep Web typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Deep Web?
Common alternative names include: Invisible Web, Hidden Web.
● Related terms
- attacks№ 271
Dark Web
A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities.
- attacks№ 1165
Tor / Tor Browser
An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
- attacks№ 755
Onion Routing
An anonymous communication technique that wraps a message in nested layers of encryption, with each relay removing one layer until the payload reaches its destination.
- defense-ops№ 072
Attack Surface Management (ASM)
Continuous discovery, inventory, classification, and monitoring of all assets that expose an organization to potential cyberattack.
- identity-access№ 076
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
- identity-access№ 077
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.
● See also
- № 503I2P