CARLSBAD, Calif. -- Breach Security, Inc., the leader in web application security, will be presenting "Latest Hacks and Attacks" from the Web Application Security Consortium's (WASC) Distributed Open Proxy Honeypot Project at next week's Open Web Application Security Project (OWASP) & WASC AppSec 2007 Conference in San Jose, CA.
The Distributed Open Proxy Honeypot Project initially began in January 2007 and is led by WASC officer Ryan C. Barnett, director of Application Security Training for Breach Security, Inc. Utilizing globally located open proxy servers and sensors, the Honeypot Project captures live attack data to provide specific examples of targeted web application attacks. Barnett will discuss the new findings on Wednesday, November 14th during the first day of the AppSec conference.
The open proxy honeypots are specially configured VMware hosts used as a medium for gathering attack data. Much of the traffic passing through the open proxies comes from hackers or spammers looking to cover their tracks. When the project began in January, analysts collected data from seven open proxy servers in countries around the world, including Germany, Greece, Russia and the United States.
The project has broadened over the past year, with the number of participating sensors doubling in number to 14. New open proxy servers are now located in Romania, Argentina, and Belgium. By deploying multiple open proxy server honeypots, WASC is able to take a granular look at the types of malicious traffic that are utilizing these systems.
"The evidence from this project demonstrates that web application attacks are increasing at an alarming rate. There are two main contributors to this trend: first, attackers have increased anonymity by looping through numerous open proxies or compromised hosts and are therefore more brazen in their attacks, and second is the increased usage of automation," said Barnett. "Organizations need to ensure that they have adequate anti-automation mitigations in place to protect their web applications from these forms of attacks. Unfortunately, most web applications are not able to correlate data between transactions to identify when non-human interactions are taking place, and thus it is only a matter of time before an attacker can gain unauthorized access to data."