Cloud Security Authors: Elizabeth White, Pat Romanski, Maria C. Horton, Liz McMillan, Ravi Rajamiyer

Related Topics: Cloud Security

News Feed Item

Breach Security to Present 'Latest Hacks and Attacks' From the Web Application Security Consortium (WASC)'s Distributed Open Proxy Honeypot Project

In October alone, the Honeypot Project logged over two million web attacks

CARLSBAD, Calif., Nov. 7 /PRNewswire/ -- Breach Security, Inc., the leader in web application security, will be presenting 'Latest Hacks and Attacks' from the Web Application Security Consortium's (WASC) Distributed Open Proxy Honeypot Project at next week's Open Web Application Security Project (OWASP) & WASC AppSec 2007 Conference, in San Jose, CA.

The Distributed Open Proxy Honeypot Project initially began in January 2007 and is led by WASC officer Ryan C. Barnett, director of Application Security Training for Breach Security, Inc. Utilizing globally located open proxy servers and sensors, the Honeypot Project captures live attack data to provide specific examples of targeted web application attacks. Barnett will discuss the new findings on Wednesday, November 14th during the first day of the AppSec conference.

The open proxy honeypots are specially configured vmware hosts used as a medium for gathering attack data. Much of the traffic passing through the open proxies is from hackers or spammers looking to cover their tracks. When the project initially began in January, analysts collected data from seven open proxy servers in countries around the world including Germany, Greece, Russia and the United States.

The project has broadened over the past year, with the number of participating sensors doubling in number to 14. New open proxy servers are now located in Romania, Argentina, and Belgium. By deploying multiple open proxy server honeypots, WASC is able to take a granular look at the types of malicious traffic that are utilizing these systems.

"The evidence from this project demonstrates that web application attacks are increasing at an alarming rate. There are two main contributors to this trend; first, attackers have increased anonymity by looping through numerous open proxies or compromised hosts and are therefore more brazen in their attacks, and second is the increased usage of automation," said Barnett. "Organizations need to ensure that they have adequate anti-automation mitigations in place to protect their web applications from these forms of attacks. Unfortunately, most web applications are not able to correlate data between transactions to identify when 'non-human' interactions are taking place, and thus, it is only a matter of time before an attacker can gain unauthorized access to data."

While the Distributed Open Proxy Honeypot Project started in January 2007, the data presented below was collected solely in October 2007 -- all data is compared to the four month cycle of the phase one of the project, which was collected from January 15th through April 30th 2007.

Project Scope: * In October alone, the Honeypot Project logged close to nine million web requests, compared to nearly one million web requests during phase one. * Over two million of all processed web requests in October exhibited known malicious attacks or anomalous behavior, as identified by the custom ModSecurity rule set. Top Attacks by Volume: * The largest amount of traffic was attributed to banner ad/click-through fraud with approximately 2.6 million requests, compared to less than 158,000 in phase one. * Spammers represent the second highest number of users of the open proxy servers with approximately nearly two million requests, compared to slightly more than 109,600 requests in phase one. * Continuing to follow the trend from phase one, the majority of web attacks continue to use automated programs, which increase the need for anti-automation defenses. Top Attacks by Severity: * Numerous websites are including malicious Javascript code which attempts to exploit unpatched browser flaws and install malware onto client machines. * Spammers are utilizing an extensive distributed reverse brute force authentication scan against a popular email provider's accounts. They are considered "stealthy" scans as they are distributing their scan across hundreds of unique email authentication hosts and are using specific "common" passwords and then cycling through different usernames, thus decreasing the likelihood of locking out accounts. Spammers can enumerate information to identify valid email accounts, or worse, to identify valid login credentials and actually hijack user accounts. * Information leakage continues to be a significant problem as many websites are configured to provide overly detailed error messages which can reveal vulnerabilities to a hacker.

"This research project differs from conventional web attack statistics as we have wide visibility of attack traffic, whereas most organizations only see data destined for their specific sites," said Barnett. "We present this project to the security and business community to build awareness by offering fresh insight into the multiple forms of web application attacks that are occurring."

The global net of honeypots run Breach Security's open source ModSecurity core rules to identify and block attacks and provide research data. The ModSecurity open source web application firewall is the most widely deployed with 10,000 users worldwide. This highly flexible web application firewall can be used for a wide range of functions including web application monitoring, web intrusion detection and prevention, as well as "just in time" virtual patching of known vulnerabilities. The Honeypot Project is also using Breach Security's commercial ModSecurity Management Appliance (MMA), a network-based tool designed to collect logs and alerts from remote ModSecurity sensors in real-time. The MMA provides security analysts with a single interface for monitoring the security of their web applications.

For more information on the Breach Security, the OWASP & WASC AppSec 2007 Conference, and statistics related to the WASC Distributed Open Proxy Honeypot Project, please visit http://www.breach.com/ or call +760 444 6150.

WASC maintains a number of projects to generate web application security awareness, classify threats against web applications, and provide evaluation criteria for web application security solutions. Additional information about the WASC Distributed Open Proxy Honeypot Project can be found at http://www.webappsec.org/projects/honeypots/.

About Breach Security, Inc.

Breach Security, Inc. is the leading provider of next-generation web application security that protects sensitive web-based information. Breach Security protects web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security's solutions also support regulatory compliance requirements for security. The company's WebDefend web application firewall is ICSA Labs certified. Founded in 2004, Breach Security is headquartered in Carlsbad, Calif. For more information, please visit: http://www.breach.com/.

About WASC

The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best- practice security standards for the World Wide Web. As an active community, WASC facilitates the exchange ideas and organizes several industry projects. WASC consistently releases technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize our materials to assist with the challenges presented by web application security. Membership and participation in WASC related activities is free and open to all. For more information visit: http://www.webappsec.org/.

Breach Security, Inc.

CONTACT: U.S., Ronnie Manning of Madison Alexander PR, +1-619-822-2239,
[email protected], for Breach Security, Inc.

Web site: http://www.breach.com/

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
Moroccanoil®, the global leader in oil-infused beauty, is thrilled to announce the NEW Moroccanoil Color Depositing Masks, a collection of dual-benefit hair masks that deposit pure pigments while providing the treatment benefits of a deep conditioning mask. The collection consists of seven curated shades for commitment-free, beautifully-colored hair that looks and feels healthy.
The textured-hair category is inarguably the hottest in the haircare space today. This has been driven by the proliferation of founder brands started by curly and coily consumers and savvy consumers who increasingly want products specifically for their texture type. This trend is underscored by the latest insights from NaturallyCurly's 2018 TextureTrends report, released today. According to the 2018 TextureTrends Report, more than 80 percent of women with curly and coily hair say they purcha...
The textured-hair category is inarguably the hottest in the haircare space today. This has been driven by the proliferation of founder brands started by curly and coily consumers and savvy consumers who increasingly want products specifically for their texture type. This trend is underscored by the latest insights from NaturallyCurly's 2018 TextureTrends report, released today. According to the 2018 TextureTrends Report, more than 80 percent of women with curly and coily hair say they purcha...
We all love the many benefits of natural plant oils, used as a deap treatment before shampooing, at home or at the beach, but is there an all-in-one solution for everyday intensive nutrition and modern styling?I am passionate about the benefits of natural extracts with tried-and-tested results, which I have used to develop my own brand (lemon for its acid ph, wheat germ for its fortifying action…). I wanted a product which combined caring and styling effects, and which could be used after shampo...
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.