Web Application Honeypot – Open Security Summit Adrian Winckles OWASP Cambridge Chapter leader Anglia Ruskin University – Course Leader

Web Application Honeypot – Open Security Summit · 2020. 1. 17. · from honeypot devices. Test at least one honeypot device to communicate with the server and receive attack alarms

Jan 30, 2021

  • Web Application Honeypot – Open Security Summit

    Adrian Winckles OWASP Cambridge Chapter leader

    Anglia Ruskin University – Course Leader

  • Bio – Adrian Winckles

    • Adrian Winckles is Course Leader/Senior Lecturer for BSc (Hons) Information Security and Forensic Computing and Security Researcher at Anglia Ruskin University. He is OWASP Cambridge Chapter Leader, OWASP Europe Board Member and is involved in rebooting the Cambridge Cluster of the UK Cyber Security Forum.

    • His security research programs include (in)security of software defined networks/everything (SDN/Sdx), novel network botnet detection techniques within cloud and virtual environments, distributed honeypots for threat intelligence, advanced educational techniques for teaching cybercrime investigation and virtual digital crime scene/incident simulation.

    • He has successfully completed a contribution to the European FP7 English Centre of Excellence for Cybercrime training, research and education (ECENTRE). He is vice chair of the BCS Cyber Forensics Special Interest Group.

  • Old Project

    • Old wiki entry – OWASP Wiki

    • Server backend removed when Ryan left Trustwave

    • VMs disappeared from WASC's projects repository

    • Expertise probably within ModSec Core Rule Set (CRS) Project

  • In the meantime

    • Does anyone have the old honeypot VMs?

    • Have intern creating new probe and backend server at PoC.

    • Will make backend server available to community as have some capacity in university data centre.

  • Project Reboot

    • Update new wiki

    • Update new Github

    • Design and document a Proof of Concept System/Network Architecture to act as a test bed for future experimentation.

    • Develop and document a minimum of one virtual/physical honeypot device that can be deployed remotely either as a VM image, Docker container or a small factor device such as Raspberry Pi (with appropriate dummy web application)

    • Install and configure a backend server to receive ModSec communications from honeypot devices. Test at least one honeypot device to communicate with the server and receive attack alarms

    • Mechanism to update probe with any CRS changes

    • Development of a PoC mechanism to display honeypot alarms on backend server.

  • Futures

    • Docker based honeypot probe, small computing profile honeypot

    • Provide mechanism for providing open source threat intelligence to the community.

    • Provide mechanism for catching specific web vulnerabilities

  • Questions/Volunteers…