[Owasp-appsensor-project] Interesting article - sounds like appsensor

Bennetts, Simon Simon.Bennetts at sage.com
Thu Jun 17 03:17:22 EDT 2010


Re the 'mini honeypots': that would be me then :)

Been lurking on this list for a while, but not had a chance to contribute anything.

Looking at the list of detection points I'd like to propose another one.
As I mentioned in the Newcastle talk I put hidden fields in some forms which look like potential vulnerabilities.
For example you could have "admin" set to "false".
Of course these sort of fields are really 'hacker traps' - they can never be changed by any normal user actions.
If they are changed then its a very good indication that someone is trying to attack your app.

I realise that you could class these in the existing ACE* set, but personally I think its work having a specific new point, if only to promote the idea of putting such 'traps' in for hackers.

And thanks for the talks Conlin, both very interesting.

Cheers,

Simon

________________________________________
From: owasp-appsensor-project-bounces at lists.owasp.org [owasp-appsensor-project-bounces at lists.owasp.org] On Behalf Of Colin Watson [colin.watson at owasp.org]
Sent: 16 June 2010 17:49
To: Michael Coates
Cc: owasp-appsensor-project
Subject: Re: [Owasp-appsensor-project] Interesting article - sounds like        appsensor

No don't know him.

The AppSensor talk at OWASP Leeds/North in Newcastle, UK went down
very well this evening.  Lots of interest.  One guy already using mini
honeypots in their apps (checking for modification to otherwise
useless hidden fields).

Colin

On 16 June 2010 19:15, Michael Coates <michael.coates at owasp.org> wrote:
> Actually it does.  I'd like to introduce the AppSensor project to Dave
> Aitel.  Does anyone know him and would be willing to pass along this info or
> introduce us?
>
> Michael Coates
> OWASP
_______________________________________________
Owasp-appsensor-project mailing list
Owasp-appsensor-project at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
If you've received this email by mistake, we're sorry for bothering you. It may contain information that's confidential, so please delete it without sharing it. And if you let us know, we can try to stop it from happening again. Thank you. 

We may monitor any emails sent or received by us, or on our behalf. If we do, this will be in line with relevant law and our own policies.

Sage (UK) Limited. Registered in England at North Park, Newcastle upon Tyne, NE13 9AA. Registered number 1045967.


More information about the Owasp-appsensor-project mailing list