Breach Security, Inc. has announced the first results of the Web Application Security Consortium's (WASC) new Distributed Open Proxy Honeypot Project. The Honeypot Project is capturing live web attack data with sensors placed around the world to provide concrete examples of the types of attacks occurring "in the wild," in addition to raising awareness and developing effective countermeasures to new threats. Since January, the Honeypot Project has logged nearly one million web requests.
Targeted web applications attacks are on the rise, exposing sensitive information such as credit card numbers, health records and student grades, however, there is little formal research available on attack methodology and remediation. The WASC Honeypot Project serves the security and business communities by providing greater insight into the different types of attacks and statistical evidence on the latest targeted web application attacks.
WASC is a group of international security experts and industry leaders that develop, adopt, and advocate best-practice security standards for web application security. Breach Security is leading the WASC Distributed Open Proxy Honeypot Project.
The Distributed Open Proxy Honeypot Project initially began in January 2007. It uses one of the web attacker's most trusted tools against them - the open proxy server. Open proxy servers are routinely used by web attackers to hide the true source of their attacks. Seven open proxy servers in countries around the world including Germany, Greece, Russia and the United States are actively collecting attack data. Additional sensors will be added in the near future to broaden the scope of the project.
The open proxy honeypots are used as a conduit for attack data to gather attack intelligence and techniques, rather than operating as targets for attack. By deploying multiple, specially configured open proxy server honeypots, WASC is able to take a granular look at the types of malicious traffic that are attacking these systems. This research project differs from typical web attack data by focusing on the attacks directed at unprotected web applications and not attacks aimed at the operating system or browser vulnerabilities.
While the Distributed Open Proxy Honeypot Project was only recently started, interesting samples of data have already been extracted. The data presented was collected from January 15th to April 30th 2007. Of the nearly one million web requests processed, nearly 20 per cent proved to exhibit known malicious attacks or anomalous behaviour. The results included:
Top attacks by volume:
Related links: (Open in a new window.)
www.breach.com
www.webappsec.org/projects/honeypots/
View printable version (opens in new window)
Back