Cloud Security Authors: Elizabeth White, Pat Romanski, Maria C. Horton, Liz McMillan, Ravi Rajamiyer

Related Topics: Cloud Security

News Feed Item

Breach Security to Present 'Latest Hacks and Attacks' From the Web Application Security Consortium (WASC)'s Distributed Open Proxy Honeypot Project

In October alone, the Honeypot Project logged over two million web attacks

CARLSBAD, Calif., Nov. 7 /PRNewswire/ -- Breach Security, Inc., the leader in web application security, will be presenting 'Latest Hacks and Attacks' from the Web Application Security Consortium's (WASC) Distributed Open Proxy Honeypot Project at next week's Open Web Application Security Project (OWASP) & WASC AppSec 2007 Conference, in San Jose, CA.

The Distributed Open Proxy Honeypot Project initially began in January 2007 and is led by WASC officer Ryan C. Barnett, director of Application Security Training for Breach Security, Inc. Utilizing globally located open proxy servers and sensors, the Honeypot Project captures live attack data to provide specific examples of targeted web application attacks. Barnett will discuss the new findings on Wednesday, November 14th during the first day of the AppSec conference.

The open proxy honeypots are specially configured vmware hosts used as a medium for gathering attack data. Much of the traffic passing through the open proxies is from hackers or spammers looking to cover their tracks. When the project initially began in January, analysts collected data from seven open proxy servers in countries around the world including Germany, Greece, Russia and the United States.

The project has broadened over the past year, with the number of participating sensors doubling in number to 14. New open proxy servers are now located in Romania, Argentina, and Belgium. By deploying multiple open proxy server honeypots, WASC is able to take a granular look at the types of malicious traffic that are utilizing these systems.

"The evidence from this project demonstrates that web application attacks are increasing at an alarming rate. There are two main contributors to this trend; first, attackers have increased anonymity by looping through numerous open proxies or compromised hosts and are therefore more brazen in their attacks, and second is the increased usage of automation," said Barnett. "Organizations need to ensure that they have adequate anti-automation mitigations in place to protect their web applications from these forms of attacks. Unfortunately, most web applications are not able to correlate data between transactions to identify when 'non-human' interactions are taking place, and thus, it is only a matter of time before an attacker can gain unauthorized access to data."

While the Distributed Open Proxy Honeypot Project started in January 2007, the data presented below was collected solely in October 2007 -- all data is compared to the four month cycle of the phase one of the project, which was collected from January 15th through April 30th 2007.

Project Scope: * In October alone, the Honeypot Project logged close to nine million web requests, compared to nearly one million web requests during phase one. * Over two million of all processed web requests in October exhibited known malicious attacks or anomalous behavior, as identified by the custom ModSecurity rule set. Top Attacks by Volume: * The largest amount of traffic was attributed to banner ad/click-through fraud with approximately 2.6 million requests, compared to less than 158,000 in phase one. * Spammers represent the second highest number of users of the open proxy servers with approximately nearly two million requests, compared to slightly more than 109,600 requests in phase one. * Continuing to follow the trend from phase one, the majority of web attacks continue to use automated programs, which increase the need for anti-automation defenses. Top Attacks by Severity: * Numerous websites are including malicious Javascript code which attempts to exploit unpatched browser flaws and install malware onto client machines. * Spammers are utilizing an extensive distributed reverse brute force authentication scan against a popular email provider's accounts. They are considered "stealthy" scans as they are distributing their scan across hundreds of unique email authentication hosts and are using specific "common" passwords and then cycling through different usernames, thus decreasing the likelihood of locking out accounts. Spammers can enumerate information to identify valid email accounts, or worse, to identify valid login credentials and actually hijack user accounts. * Information leakage continues to be a significant problem as many websites are configured to provide overly detailed error messages which can reveal vulnerabilities to a hacker.

"This research project differs from conventional web attack statistics as we have wide visibility of attack traffic, whereas most organizations only see data destined for their specific sites," said Barnett. "We present this project to the security and business community to build awareness by offering fresh insight into the multiple forms of web application attacks that are occurring."

The global net of honeypots run Breach Security's open source ModSecurity core rules to identify and block attacks and provide research data. The ModSecurity open source web application firewall is the most widely deployed with 10,000 users worldwide. This highly flexible web application firewall can be used for a wide range of functions including web application monitoring, web intrusion detection and prevention, as well as "just in time" virtual patching of known vulnerabilities. The Honeypot Project is also using Breach Security's commercial ModSecurity Management Appliance (MMA), a network-based tool designed to collect logs and alerts from remote ModSecurity sensors in real-time. The MMA provides security analysts with a single interface for monitoring the security of their web applications.

For more information on the Breach Security, the OWASP & WASC AppSec 2007 Conference, and statistics related to the WASC Distributed Open Proxy Honeypot Project, please visit http://www.breach.com/ or call +760 444 6150.

WASC maintains a number of projects to generate web application security awareness, classify threats against web applications, and provide evaluation criteria for web application security solutions. Additional information about the WASC Distributed Open Proxy Honeypot Project can be found at http://www.webappsec.org/projects/honeypots/.

About Breach Security, Inc.

Breach Security, Inc. is the leading provider of next-generation web application security that protects sensitive web-based information. Breach Security protects web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security's solutions also support regulatory compliance requirements for security. The company's WebDefend web application firewall is ICSA Labs certified. Founded in 2004, Breach Security is headquartered in Carlsbad, Calif. For more information, please visit: http://www.breach.com/.

About WASC

The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best- practice security standards for the World Wide Web. As an active community, WASC facilitates the exchange ideas and organizes several industry projects. WASC consistently releases technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize our materials to assist with the challenges presented by web application security. Membership and participation in WASC related activities is free and open to all. For more information visit: http://www.webappsec.org/.

Breach Security, Inc.

CONTACT: U.S., Ronnie Manning of Madison Alexander PR, +1-619-822-2239,
[email protected], for Breach Security, Inc.

Web site: http://www.breach.com/

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Scala Hosting is trusted by 50 000 customers from 120 countries and hosting 700 000+ websites. The company has local presence in the United States and Europe and runs an internal R&D department which focuses on changing the status quo in the web hosting industry. Imagine every website owner running their online business on a fully managed cloud VPS platform at an affordable price that's very close to the price of shared hosting. The efforts of the R&D department in the last 3 years made that pos...