[Owasp-appsensor-project] Interesting article - sounds like appsensor

Ryan Barnett rcbarnett at gmail.com
Thu Jun 17 08:27:18 EDT 2010


Some other hacker-traps (honeytokens) for web apps - 
http://blogs.sans.org/appsecstreetfighter/2009/06/04/my-top-6-honeytokens/

--
Ryan C. Barnett
WASC Web Hacking Incident Database Project Leader
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security
http://tacticalwebappsec.blogspot.com

On Thursday 17 June 2010 03:17:22 Bennetts, Simon wrote:
> Re the 'mini honeypots': that would be me then :)
> 
> Been lurking on this list for a while, but not had a chance to contribute
> anything.
> 
> Looking at the list of detection points I'd like to propose another one.
> As I mentioned in the Newcastle talk I put hidden fields in some forms
> which look like potential vulnerabilities. For example you could have
> "admin" set to "false".
> Of course these sorts of fields are really 'hacker traps' - they can never
> be changed by any normal user actions. If they are changed then it's a very
> good indication that someone is trying to attack your app.
> 
> I realise that you could class these in the existing ACE* set, but
> personally I think it's worth having a specific new point, if only to
> promote the idea of putting such 'traps' in for hackers.
> 
> And thanks for the talks Colin, both very interesting.
> 
> Cheers,
> 
> Simon
> 
> ________________________________________
> From: owasp-appsensor-project-bounces at lists.owasp.org
> [owasp-appsensor-project-bounces at lists.owasp.org] On Behalf Of Colin
> Watson [colin.watson at owasp.org] Sent: 16 June 2010 17:49
> To: Michael Coates
> Cc: owasp-appsensor-project
> Subject: Re: [Owasp-appsensor-project] Interesting article - sounds like appsensor
> 
> No don't know him.
> 
> The AppSensor talk at OWASP Leeds/North in Newcastle, UK went down
> very well this evening.  Lots of interest.  One guy already using mini
> honeypots in their apps (checking for modification to otherwise
> useless hidden fields).
> 
> Colin
> 
> On 16 June 2010 19:15, Michael Coates <michael.coates at owasp.org> wrote:
> > Actually it does.  I'd like to introduce the AppSensor project to Dave
> > Aitel.  Does anyone know him and would be willing to pass along this info
> > or introduce us?
> > 
> > Michael Coates
> > OWASP
> 
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
> If you've received this email by mistake, we're sorry for bothering you. It
> may contain information that's confidential, so please delete it without
> sharing it. And if you let us know, we can try to stop it from happening
> again. Thank you.
> 
> We may monitor any emails sent or received by us, or on our behalf. If we
> do, this will be in line with relevant law and our own policies.
> 
> Sage (UK) Limited. Registered in England at North Park, Newcastle upon
> Tyne, NE13 9AA. Registered number 1045967.
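The detection point Simon proposes above (hidden form fields such as "admin=false" that no legitimate user action ever changes, so any modification is an attack indicator) is simple enough to show end to end. The following is an added example written for this page; it is not code from the AppSensor project or from any of the posters. The field names, the `DetectionEvent` shape, the "HT1" label and the sample POST bodies are all assumed for illustration. It goes slightly beyond the message by treating a removed trap field and a trap field submitted twice (parameter pollution) as tampering too, since neither happens in a normal browser submission.

```python
"""Honeytoken hidden fields as an AppSensor-style detection point.

Added example; not code from the AppSensor project or from the list posters.
Field names, the DetectionEvent shape, the "HT1" label and the sample request
bodies below are assumed for illustration.
"""
from dataclasses import dataclass
from html import escape
from typing import Dict, List
from urllib.parse import parse_qs

# Hidden fields rendered into the form. No legitimate user action ever changes
# them; the names are chosen to look like tempting bugs to someone probing.
HONEYTOKENS: Dict[str, str] = {
    "admin": "false",
    "debug": "0",
    "discount_code_validated": "1",
}


@dataclass
class DetectionEvent:
    detection_point: str  # "HT1" is an assumed label for the honeytoken point
    user: str
    field_name: str
    detail: str


def render_hidden_fields(tokens: Dict[str, str] = HONEYTOKENS) -> str:
    """HTML fragment to embed inside the form; values are escaped for HTML."""
    return "\n".join(
        f'<input type="hidden" name="{escape(name, quote=True)}" '
        f'value="{escape(value, quote=True)}">'
        for name, value in tokens.items()
    )


def parse_body(body: str) -> Dict[str, List[str]]:
    """Parse an application/x-www-form-urlencoded body into name -> values.

    keep_blank_values=True so a trap field sent as empty is still 'present'
    and shows up as a changed value rather than a removed field.
    """
    return parse_qs(body, keep_blank_values=True)


def check_honeytokens(form: Dict[str, List[str]], user: str,
                      tokens: Dict[str, str] = HONEYTOKENS) -> List[DetectionEvent]:
    """Return one DetectionEvent per tampered trap field; [] for a normal post.

    Three deviations count as tampering, because a browser submitting the
    rendered form produces none of them:
      - the field is missing entirely (someone rebuilt the request by hand),
      - the field appears more than once (HTTP parameter pollution),
      - the value differs from what was rendered.
    What to do with the events (log, alert, lock the account) is the
    response policy and is left to the caller.
    """
    events: List[DetectionEvent] = []
    for name, expected in tokens.items():
        values = form.get(name)
        if values is None:
            events.append(DetectionEvent(
                "HT1", user, name, "honeytoken field removed from request"))
        elif len(values) != 1:
            events.append(DetectionEvent(
                "HT1", user, name,
                f"honeytoken field sent {len(values)} times (parameter pollution)"))
        elif values[0] != expected:
            events.append(DetectionEvent(
                "HT1", user, name,
                f"honeytoken changed from {expected!r} to {values[0]!r}"))
    return events


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    normal = "username=alice&admin=false&debug=0&discount_code_validated=1"
    attack = ("username=mallory&admin=true&debug=0"
              "&discount_code_validated=1&discount_code_validated=1")
    print(render_hidden_fields())
    print(check_honeytokens(parse_body(normal), "alice"))   # []
    for ev in check_honeytokens(parse_body(attack), "mallory"):
        print(ev)
```

The expected values are deliberately plain constants rather than signed blobs: the trap is not an authorisation mechanism, and it does not matter that an attacker can read the value in the page source, because the only way to trigger the event is to do exactly what the trap exists to catch. Keep the real access-control check (the actual "is this user an admin" decision) entirely separate from these fields so the decoy can never become a genuine privilege path.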