[Owasp-leaders] [Owasp_wasc_web_hacking_incidents_database_project] Google maps for fusion

Jason Johnson jason.johnson at owasp.org
Sun Feb 23 01:10:32 UTC 2014


Agreed but I want to use googles GEOIP data not the place it happened. I
would like to take the data in this database and compare to the geoip
spaces of other countries. Its is probably huge amounts of IP tables but I
think that would be cool to make a view joining the two. OWL security
crawls the net and copies every text file the find and they do something
sort of like this. Then use the API1.0 to share it im not a huge fan of how
they allow access to the API 10thousand a month. If we can get a google
blessing we can use all there API stuff. Maybe compare the health of the
internet to the hacks in the database. I have access to twitters fire-hose
api so we can query huge amounts of tweets to gather a status. I started
this idea where I would search key words like HACK FAIL DEFACE and things
like that. So anytime a user would tweet about something with these words
in it I would suck up that tweet and the location. Twitter is a good
resourse for news my idea was WEBMOOD and then correlate that data with
others. So twitter was cool about letting me do this and gave me a 100
keyword lic to try it out. Issue 1 I turned on the fire-hose and its called
that fore a reason. I had about 1.2 million tweets with the term I GOT
HACKED. and over a period of 1 hour the size on my drive was like 1.2gig of
data in my DB. I wonder if we can put that data into a google fusion table?

This is my reason for emailing google and asking them if its cool that I
flood there fusion tables with tweets or GEOIP data. The government sort of
uses the same method. Is it useful? You tell me 1million tweets about
hacking going on at a location. TEAM OWASP could leverage a RISK management
or a safe fly zone for geoip zones.

I figured the leader may get a kick out this or least raise some questions
on my nuttiness. I learned long ago to not expect people to be motivated by
the same sickness I have. Maybe we should explore this and use it as a TEAM
OWASP tool to say hay we can help you find better ways to secure your
stuff, or at the most know what wave and how big the swell is that's about
to hit (Hawaii style there). I think this Database idea is a huge
opportunity to show people that risks may be prevented if we have the right
data.

Nice work Ryan I just wish I could do this 24 hours a day.

Thoughts?


On Sat, Feb 22, 2014 at 6:42 AM, Ryan Barnett <ryan.barnett at owasp.org>wrote:

> Google FusionTables already had geocode capabilities built in :). See the
> WHID link here -
>
> http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database#GeographicWHIDView
>
> While I agreed that this is a bit "cool" the usefulness of the data is the
> question. What is it good for?  It would be useful to give insights into
> Attacker Origins but that data is scarce (the public need reports seldom
> give this detail) or it is tough to narrow down to one location (think
> about an app level DDoS attack).
>
> I also have a column for attacked entity location but that too has
> challenges. What location do you use?  The corporate HQ or the location of
> the data center in a different state or country?
>
> Bottom line is that yes we can cool GEO map data directly in our database
> but we need to think a bit about how to use it.
>
> *Ryan Barnett*
>
> On Feb 22, 2014, at 1:05 AM, Jason Johnson <jason.johnson at owasp.org>
> wrote:
>
> I think it will be really cool to be able to use geo locations with google
> maps and import the fusion data into it. SOOOOOOO I sent a request to
> google to enable that ability on the database. We will see what they say.
>
> _______________________________________________
> Owasp_wasc_web_hacking_incidents_database_project mailing list
> Owasp_wasc_web_hacking_incidents_database_project at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_web_hacking_incidents_database_project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140222/43097b50/attachment.html>


More information about the OWASP-Leaders mailing list