CARLSBAD, Calif., May 15 /PRNewswire/ -- Breach Security, Inc., the leader in web application security, today announced the results of the Web Application Security Consortium's (WASC) new Distributed Open Proxy Honeypot Project. The Honeypot Project is capturing live web attack data with sensors placed around the world to provide concrete examples of the types of attacks occurring "in the wild," in addition to raising awareness and developing effective countermeasures to new threats. Since January, the Honeypot Project has logged nearly one million web requests.
Targeted web application attacks are on the rise, exposing sensitive information such as credit card numbers, health records and student grades; however, there is little formal research available on attack methodology and remediation. The WASC Honeypot Project serves the security and business communities by providing greater insight into the different types of attacks and statistical evidence on the latest targeted web application attacks.
WASC is a group of international security experts and industry leaders that develop, adopt, and advocate best-practice security standards for web application security. Breach Security is leading the WASC Distributed Open Proxy Honeypot Project.
The Distributed Open Proxy Honeypot Project initially began in January 2007 and is led by WASC officer Ryan C. Barnett, director of Application Security Training for Breach Security, Inc. The Honeypot Project uses one of the web attacker's most trusted tools against them — the open proxy server. Open proxy servers are routinely used by web attackers to hide the true source of their attacks. Seven open proxy servers in countries around the world including Germany, Greece, Russia and the United States are actively collecting attack data. Additional sensors will be added in the near future to broaden the scope of the project.
"The lack of public knowledge and attack intelligence against web applications can be attributed to a variety of factors such as companies failing to detect the attack at all, inadequate logging capabilities, or lack of public disclosure," said Barnett. "This project provides specific details of these types of attacks that organizations can utilize to better protect themselves and understand the payload that these attacks are unleashing."
The open proxy honeypots are used as a conduit for attack data to gather attack intelligence and techniques, rather than operating as targets for attack. By deploying multiple, specially configured open proxy server honeypots, WASC is able to take a granular look at the types of malicious traffic that are attacking these systems. This research project differs from typical web attack data by focusing on the attacks directed at unprotected web applications and not attacks aimed at the operating system or browser vulnerabilities.
"The Distributed Open Proxy Honeypot Project provides much needed insight into the types of vulnerabilities being exploited," said Robert Auger, Co-Founder of WASC.
While the Distributed Open Proxy Honeypot Project was only recently started, impressive samples of data have already been extracted. The data presented was collected from January 15th through April 30th 2007. Of the nearly one million web requests processed, nearly 20% proved to exhibit known malicious attacks or anomalous behavior. The results included:
Top Attacks by Volume:
* The largest amount of traffic was attributed to banner ad/click-through fraud with approximately 157,906 requests
* The majority of web attacks used automated programs with approximately 151,915 alerts generated
* Spammers represent the third highest number of users of the open proxy servers with approximately 109,654 requests

Top Attacks by Severity:
* SQL Injection attacks were less common; however they were certainly the most critical
* Web Defacement attacks that attempted to take advantage of server mis-configurations were identified
* Information Leakage proved to be a significant issue as many web sites are configured to provide unnecessarily detailed error messages which can reveal vulnerabilities to a hacker
Providing data and research, the global net of honeypots run Breach Security's open source ModSecurity core rules to identify and block attacks. The ModSecurity open source web application firewall is the most widely deployed with 10,000 users worldwide. This highly flexible web application firewall can be used for a wide range of functions including web application monitoring, web intrusion detection and prevention, as well as "just in time" virtual patching of known vulnerabilities. The Honeypot Project is also using the ModSecurity Console, a network-based tool designed to collect logs and alerts from remote ModSecurity sensors in real-time. The console provides security analysts with a single interface for monitoring the security of their web applications.
For more information and statistics related to the WASC Distributed Open Proxy Honeypot Project, please view the Breach Security Web Security Threat Report webcast accessible at www.breach.com/webinars.asp. For product information, please visit http://www.breach.com or call +760 444 6150.
WASC maintains a number of projects to generate web application security awareness, classify threats against web applications, and provide evaluation criteria for web application security solutions. Additional information about the WASC Distributed Open Proxy Honeypot Project can be found at http://www.webappsec.org/projects/honeypots/.
About Breach Security, Inc.
Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach's solutions are ideal for any organization's regulatory compliance requirements for security. Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.
The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web. As an active community, WASC facilitates the exchange of ideas and organizes several industry projects. WASC consistently releases technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize our materials to assist with the challenges presented by web application security. Membership and participation in WASC-related activities is free and open to all. For more information visit: http://www.webappsec.org.
SOURCE Breach Security, Inc.