WebApp Sec: Re: Web Attack Data - Apache

[windo () windowlicker dyn ee]

Hi.

> I was thinking the along the same lines. If you had an in-house cgi or 
> other type of web application that you wrote, and you knew it was 
> vulnerable, would you fix the code or write an IDS rule to see if anyone 
> is exploiting it? It's obvious to me that you would fix the vulnerability.
>
> In addition, IDSs and sniffers only log attempts of known 
> vulnerabilities - they have no way of knowing if the attack is successful.
Running honeypots can give that sort of data. I've been wanting to do it
for some time but haven't really gotten around to, but there are a lot
of people who have, and be willing to share that data, for educational
purposes. at least i presume so.

check out http://www.honeynet.org/ for starters.

Siim Põder