Various embodiment methods for performing security-focused web crawling by a server may include identifying sensitive data on a first web page, and generating a first document object model (DOM) for the first web page in which the first DOM represents the sensitive data on the first web page. Various embodiments may further include comparing one or more attributes of the sensitive data in the first DOM with the one or more attributes of the sensitive data in a second DOM for a second web page, and determining whether the first web page is different from the second web page based on the comparison of the one or more attributes of the sensitive data in the first DOM and the second DOM.