OWASP Global AppSec US 2021 has ended
Back To Schedule
Friday, November 12 • 4:00pm - 5:00pm
Web Application Honeypot Threat Intelligence

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The goal of the OWASP Web Application Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks. Within this project, we are leading the collection, storage and analysis of threat intelligence data.

The purpose of this part of the project is to capture intelligence on attacker activity against web applications and utilise this intelligence as ways to protect software against attacks. Honeypots are an established industry technique to provide a realistic target to entice a criminal, whilst encouraging them to divulge the tools and techniques they use during an attack. Like bees to a honeypot. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence provide no risk to the businesses implementing them.

The honeypots in VM, Docker or small computing profiles like Raspberry Pi, employ ModSecurity based Web Application Firewall technology using OWASP’s Core Rule Set pushing intelligence data back to a console to be converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.

The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed.

From a post attack forensic or incident response perspective, a rich data set of the following information is potentially available to the community or individual organisations utilising the honeypots

avatar for Adrian Winckles

Adrian Winckles

Director of Cyber Security & Networking Research Group & Security Researcher, Anglia Ruskin University
Adrian Winckles is Director of Cyber Security & Networking Research Group & Security Researcher at Anglia Ruskin University. He is OWASP Cambridge Chapter Leader, OWASP Europe Board Member and Chair of OWASP Education Committee.His security research programs include (in)security of... Read More →

Friday November 12, 2021 4:00pm - 5:00pm PST

Attendees (6)