Honeypot Proves to Be Sticky

If you can swim in techie waters, there's fascinating data in here

5:59 PM -- The Web Application Security Consortium today published its first report from the Distributed Open Honeypot Project, offering some revealing insights on the nature and number of attacks on the Web.

If you can read the thing, that is.

The new report is the first fruit of a six-month honeypot effort designed to detect a wide variety of attacks and exploits on the Web. The report is different from most "security trends" reports, because it shows the nature of real attack traffic, including attacks in the wild. (Many other reports show only the incidence of known attacks as they are blocked by a vendor product.)

There's a great deal of insightful trend information in the WASC report, but I wouldn't be a good editor if I didn't point out that the document is incredibly hard to read. It's full of phrases like "ModSecurity Attack Categories" and "Missing accept header" that are virtually unexplained. If you have a good technical background, and are experienced in app security, you won't have a problem, but this is not a report you can hand over to end users or CEOs for their perusal.

Having said that, the report offers some useful insights into current attack patterns. For example, the honeypot encountered a high number of SQL injection and brute force attacks, two vectors that are seldom discussed these days. The report also notes a high volume of "information leakage" from Websites -- a trend that other researchers have recorded -- and a high volume of automated attacks.

Take a look at the WASC's report -- it's clear the honeynet project is working.

— Tim Wilson, Site Editor, Dark Reading
