Upload File

web application honeypot – open security summit

  • Home
  • Documents
  • Web Application Honeypot – Open Security Summit
7
Web Application Honeypot – Open Security Summit Adrian Winckles OWASP Cambridge Chapter leader Anglia Ruskin University – Course Leader

Upload: others

Post on 16-Oct-2021

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Web Application Honeypot – Open Security Summit

WebApplicationHoneypot– OpenSecuritySummit

AdrianWincklesOWASPCambridgeChapterleader

AngliaRuskinUniversity– CourseLeader

Page 2: Web Application Honeypot – Open Security Summit

Bio– AdrianWinckles

• Adrian Winckles is Course Leader/Senior Lecturer for BSc(Hons)Information Security and Forensic Computing and SecurityResearcher at Anglia Ruskin University. He is OWASP CambridgeChapter Leader, OWASP Europe Board Member and is involved inrebooting the Cambridge Cluster of the UK Cyber Security Forum.

• His security research programs include (in)security of softwaredefined networks/everything (SDN/Sdx), novel network botnetdetection techniques within cloud and virtual environments,distributed honeypots for threat intelligence, advanced educationaltechniques for teaching cybercrime investigation and virtual digitalcrimescene/incident simulation.

• He has successfully competed a contribution to the European FP7English Centre of Excellence for Cybercrime training, research andeducation (ECENTRE). He is vice chair of the BCS Cyber ForensicsSpecial Interest Group.

Page 3: Web Application Honeypot – Open Security Summit

OldProject

• Oldwikientry-– OWASPWiki

• ServerbackendremovedwhenRyanleftTrustwave• VM’sdisappearedfromWASC’sprojectsrepository• ExpertiseprobablywithinModSecCoreRuleSet(CRS)Project

Page 4: Web Application Honeypot – Open Security Summit

Inthemeantime

• DoesanyonehavetheoldhoneypotVM’s?• HaveinterncreatingnewprobeandbackendserveratPoC.

• Willmakebackendserveravailabletocommunityashavesomecapacityinuniversitydatacentre.

Page 5: Web Application Honeypot – Open Security Summit

ProjectReboot

• Updatenewwiki• UpdatenewGithub• DesignanddocumentaProofofConceptSystem/NetworkArchitectureto

actasatestbedforfutureexperimentation.• Developanddocumentaminimumofonevirtual/physicalhoneypot

devicethatcanbedeployedremotelyeitherasaVMimage,DockercontainerorasmallfactordevicesuchasRaspberryPi(withappropriatedummywebapplication)

• InstallandconfigureabackendservertoreceiveModSeccommunicationsfromhoneypotdevices.Testatleastonehoneypotdevicetocommunicatewiththeserverandreceiveattackalarms

• MechanismtoupdateprobewithanyCRSchanges• DevelopmentofaPoCmechanismtodisplayhoneypotalarmsonbackend

server.

Page 6: Web Application Honeypot – Open Security Summit

Futures

• Dockerbasedhoneypotprobe,smallcomputingprofilehoneypot

• Providemechanismforprovidingopensourcethreatintelligencetothecommunity.

• Providemechanismforcatchingspecificwebvulnerabilities

Page 7: Web Application Honeypot – Open Security Summit

Questions/Volunteers…


Honeypot ss

HONEYPOT. Introduction to Honeypot Honeytoken Types of Honeypots Honeypot Implementation Advantages and Disadvantages Role of Honeypot in

Advance Honeypot Mechanism- The Hybrid Solution for ... · Advance Honeypot Mechanism- The Hybrid Solution for Enhancing Computer System Security with DoS Swapnali Sundar Sadamate1,

Kevin Wharram Security Summit

1 Introduction to Honeypot, Botnet, and Security Measurement Cliff C. Zou 02/07/06

IMPLEMENTASI HONEYPOT DAN INTRUSION DETECTION …repo.polinpdg.ac.id/1021/1/APRISA_NOLLA.pdf · Alert feature, administrators can ... Keywords: Security, Detection, Honeypot, Snort,

Wearable Honeypot - Worcester Polytechnic Institute · wearable honeypot. to add security to a BAN. Previous honeypots are mostly used in enterprise environments. Recently, there

INFORMATION SECURITY SUMMIT 2015

Rapport Honeypot

PREVENTÍV HÁLÓZATVÉDELMI RENDSZEREK ALKALMAZÁSI … · preventive, IT, security, cyber, network security, honeypot, deception . 313 ÁTKÖTÉS Az előző részben összefoglaltam

A Web-Based Honeypot in IPv6 to Enhance Security

one childhood, one journey Honeypot House The Honeypot Playbus

Virtual honeypot

Compliance Security - Cyber Security Summit€¦ · Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org Compliance ≠ Security NIST 800-53 R4

Honeypot چیست

Security and IoT - ensiwiki.ensimag.fr · Mirai botnet Honeypot analyse Protection credit : wikipédia/CrystalClear. A telnet honeypot for MIRAI Sensible IoT devices are targeted

Honeypot Security - BrainStorm · awesome-honeypots (open-source). Allows IT department to become proactive on cyber security. Honeypot Security Honeypot planning cycle At least one

Security Summit Rome 2011

An Advanced Hybrid Honeypot for Providing Effective ...jecei.sru.ac.ir/article_1185_a4a5f543dcc7056104c70245431f7383.pdf · “honeypot”, honeypot is a security resource that its

Honeypot Advantages & Disadvantages - Institute for Security

Cyberlaw: Honeypot Edition - Cyber Security masters · PDF fileCyberlaw: Honeypot Edition Your guide to the legal issues and honeypots Jay Radcliffe

Lea Honeypot

Cyber security summit

u05 Honeypot

Honeypot-A Supplemented Active Defense for Network Security 2

Michigan Security Summit 2009

Honeypot Main

ITWeb Security Summit 2017 - Marketing opportunitiesv2.itweb.co.za/event/itweb/security-summit-2017/files/SS2017-Marke… · 3 ITWeb Security Summit 2017 - Marketing opportunities

Nuclear Security Summit 2010

Information Security Summit 2011

Gartner Security & Risk Management Summit 2015€¦ · 2 Gartner Security & Risk Management Summit 2015 ... The annual Gartner Security & Risk Management Summit equips security and

Honeypot Documentation

IT Security Summit 2016

Use of Honeypot and IP Tracing Mechanism for Prevention of ...Honeyd, HoneyBOT, and Specter Honeypots. . Honeyd: Honeyd is a honeypot for Linux/Unix developed by security researcher

Concurrency Security Summit presentation