[Owasp-appsensor-project] Interesting article - sounds like appsensor

Ryan Barnett rcbarnett at gmail.com
Thu Jun 17 08:27:18 EDT 2010

Some other hacker-traps (honeytokens) for web apps - 

Ryan C. Barnett
WASC Web Hacking Incident Database Project Leader
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security

On Thursday 17 June 2010 03:17:22 Bennetts, Simon wrote:
> Re the 'mini honeypots': that would be me then :)
> Been lurking on this list for a while, but not had a chance to contribute
> anything.
> Looking at the list of detection points I'd like to propose another one.
> As I mentioned in the Newcastle talk I put hidden fields in some forms
> which look like potential vulnerabilities. For example you could have
> "admin" set to "false".
> Of course these sorts of fields are really 'hacker traps' - they can never
> be changed by any normal user actions. If they are changed then it's a very
> good indication that someone is trying to attack your app.
> I realise that you could class these in the existing ACE* set, but
> personally I think it's worth having a specific new point, if only to
> promote the idea of putting such 'traps' in for hackers.
> And thanks for the talks Conlin, both very interesting.
> Cheers,
> Simon
> ________________________________________
> From: owasp-appsensor-project-bounces at lists.owasp.org
> [owasp-appsensor-project-bounces at lists.owasp.org] On Behalf Of Colin
> Watson [colin.watson at owasp.org] Sent: 16 June 2010 17:49
> To: Michael Coates
> Cc: owasp-appsensor-project
> Subject: Re: [Owasp-appsensor-project] Interesting article - sounds like appsensor
> No don't know him.
> The AppSensor talk at OWASP Leeds/North in Newcastle, UK went down
> very well this evening.  Lots of interest.  One guy already using mini
> honeypots in their apps (checking for modification to otherwise
> useless hidden fields).
> Colin
> On 16 June 2010 19:15, Michael Coates <michael.coates at owasp.org> wrote:
> > Actually it does.  I'd like to introduce the AppSensor project to Dave
> > Aitel.  Does anyone know him and would be willing to pass along this info
> > or introduce us?
> > 
> > Michael Coates
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
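The hidden-field 'hacker trap' Simon describes above, worked through as an added example (this is not code from the thread, the AppSensor project or any of the participants). It assumes a hypothetical `HONEYTOKENS` table of field names and their fixed benign values (the `admin=false` field from the message plus a constructed `debug=0`), a `render_honeytoken_fields` helper that emits them into any form, and a `check_submission`/`HoneytokenMonitor` pair that raises a detection event whenever a submission comes back with a trap field altered or stripped. The application never reads these fields for any real decision, so a legitimate browser always echoes them unchanged; any difference is the signal.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from html import escape
from typing import Dict, List, Optional, Tuple

# Constructed honeytoken definitions (an assumption for this example, not part
# of the thread): field name -> the value the form always ships with. Nothing
# in the application reads these fields, so no normal user action can change
# them; a different value on the way back means the request was hand-crafted.
HONEYTOKENS: Dict[str, str] = {
    "admin": "false",
    "debug": "0",
}


@dataclass
class DetectionEvent:
    """One AppSensor-style detection point firing for one request."""
    user: str
    field_name: str
    observed: Optional[str]  # None when the trap field was removed entirely


def render_honeytoken_fields() -> str:
    """Hidden inputs to embed in every HTML form the application serves."""
    return "\n".join(
        f'<input type="hidden" name="{escape(name)}" value="{escape(value)}">'
        for name, value in HONEYTOKENS.items()
    )


def check_submission(user: str, form: Dict[str, str]) -> List[DetectionEvent]:
    """Compare the submitted form against the trap values.

    A missing field counts as tampering too: a browser posting the rendered
    form always includes every hidden input, so only a rewritten request
    drops one.
    """
    events: List[DetectionEvent] = []
    for name, expected in HONEYTOKENS.items():
        observed = form.get(name)
        if observed != expected:
            events.append(DetectionEvent(user, name, observed))
    return events


@dataclass
class HoneytokenMonitor:
    """Per-user event counter with a response threshold.

    Simon's point is that a single change is already a strong signal, so the
    default threshold is 1; a higher value is shown to match the usual
    AppSensor pattern of counting events before responding.
    """
    threshold: int = 1
    counts: Dict[str, int] = field(default_factory=lambda: defaultdict(int))

    def process(self, user: str, form: Dict[str, str]) -> Tuple[List[DetectionEvent], bool]:
        """Return the events for this request and whether the user crossed the threshold."""
        events = check_submission(user, form)
        self.counts[user] += len(events)
        return events, self.counts[user] >= self.threshold


if __name__ == "__main__":
    monitor = HoneytokenMonitor()
    # Constructed sample submissions: a normal one, then one with the trap flipped.
    normal = {"username": "alice", "admin": "false", "debug": "0"}
    tampered = {"username": "mallory", "admin": "true", "debug": "0"}
    for who, submission in (("alice", normal), ("mallory", tampered)):
        events, respond = monitor.process(who, submission)
        for ev in events:
            print(f"detection: user={ev.user} field={ev.field_name} observed={ev.observed!r}")
        print(f"{who}: respond={respond}")
```

The rendered hidden inputs go into every form alongside the real fields; the check runs in the request handler before any business logic, and the monitor's boolean is where a response (logging, step-up authentication, session termination) would hang.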