Web Application Honeypot – Open Security Summit
Adrian Winckles, OWASP Cambridge Chapter Leader
Anglia Ruskin University – Course Leader
Bio – Adrian Winckles
• Adrian Winckles is Course Leader/Senior Lecturer for BSc (Hons) Information Security and Forensic Computing and Security Researcher at Anglia Ruskin University. He is OWASP Cambridge Chapter Leader, OWASP Europe Board Member and is involved in rebooting the Cambridge Cluster of the UK Cyber Security Forum.
• His security research programs include (in)security of software defined networks/everything (SDN/SDx), novel network botnet detection techniques within cloud and virtual environments, distributed honeypots for threat intelligence, advanced educational techniques for teaching cybercrime investigation and virtual digital crime scene/incident simulation.
• He has successfully completed a contribution to the European FP7 English Centre of Excellence for Cybercrime training, research and education (ECENTRE). He is vice chair of the BCS Cyber Forensics Special Interest Group.
Old Project
• Old wiki entry – OWASP Wiki
• Server backend removed when Ryan left Trustwave
• VMs disappeared from WASC's projects repository
• Expertise probably within ModSec Core Rule Set (CRS) Project
In the meantime
• Does anyone have the old honeypot VMs?
• Have intern creating new probe and backend server at PoC.
• Will make backend server available to community as have some capacity in university data centre.
Project Reboot
• Update new wiki
• Update new GitHub
• Design and document a Proof of Concept System/Network Architecture to act as a testbed for future experimentation.
• Develop and document a minimum of one virtual/physical honeypot device that can be deployed remotely either as a VM image, Docker container or a small factor device such as Raspberry Pi (with appropriate dummy web application)
• Install and configure a backend server to receive ModSec communications from honeypot devices. Test at least one honeypot device to communicate with the server and receive attack alarms
• Mechanism to update probe with any CRS changes
• Development of a PoC mechanism to display honeypot alarms on backend server.
Futures
• Docker based honeypot probe, small computing profile honeypot
• Provide mechanism for providing open source threat intelligence to the community.
• Provide mechanism for catching specific web vulnerabilities
Questions/Volunteers…