WebApp Sec: Web App Traps (custom IDS)

From: Meder Kydyraliev <meder_at_o0o.nu>
Date: Sun, 8 Jan 2006 13:28:33 +0800

Hi,

I've done a small writeup on web application traps. Full version is
here: http://o0o.nu/~meder/wats.txt

Here's an abstract:

2. What is a Web Application Trap (WAT)?

The idea behind WATs is simple: enable the application to detect and
alert the appropriate support staff whenever someone is tampering with the
application transactions. Besides this, the application has to be able to classify the
skill level of the attacker and trigger the appropriate severity alert level.

The proposed solution to enable the application to do these is to
introduce several traps into web application design. These are decoy components
and parameters which normally an attack will focus on. These traps will then
be monitored by the application for any modifications (to the traps).

Would love to hear your feedback!

Thanks,
Meder

-- 
http://o0o.nu/~meder
Received on Jan 08 2006
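
The trap monitoring described in the abstract above, sketched as an added example that is not part of the original post or the linked writeup. The trap names, decoy values and the rule that a harder-to-find trap maps to a higher severity are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

# Alert levels. Mapping a trap to a level is an assumption of this example:
# the more effort a decoy takes to find and edit, the higher the level.
NONE, LOW, MEDIUM, HIGH = 0, 1, 2, 3

@dataclass(frozen=True)
class Trap:
    source: str    # where the application plants the decoy: "form" or "cookie"
    name: str      # decoy parameter name (hypothetical)
    expected: str  # value the application always emits for it
    severity: int  # alert level raised if the value comes back changed

# Constructed decoys. None of them is read by real application logic,
# so a legitimate client always sends them back untouched.
TRAPS = (
    Trap("form", "is_admin", "0", LOW),            # hidden field in page source
    Trap("cookie", "acl", "dXNlcg==", MEDIUM),     # base64 of "user"
    Trap("form", "debug_token", "7f3a9c", HIGH),   # field injected by script
)

def check_traps(request):
    """Return (alert_level, findings) for one request.

    request is {"form": {...}, "cookie": {...}}. A decoy that is missing
    counts as tampering, because the application always emits it.
    """
    findings = []
    for trap in TRAPS:
        seen = request.get(trap.source, {}).get(trap.name)
        if seen is None:
            findings.append((trap.name, "removed", trap.severity))
        elif not hmac.compare_digest(seen.encode(), trap.expected.encode()):
            findings.append((trap.name, "modified", trap.severity))
    # The overall alert level is the highest level among the tripped traps.
    level = max((f[2] for f in findings), default=NONE)
    return level, findings

# Constructed sample requests: one untouched, one with two decoys edited.
CLEAN = {"form": {"is_admin": "0", "debug_token": "7f3a9c", "q": "shoes"},
         "cookie": {"acl": "dXNlcg=="}}
TAMPERED = {"form": {"is_admin": "1", "debug_token": "7f3a9c"},
            "cookie": {"acl": "YWRtaW4="}}

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, check_traps(req))
```

In a real application the check would run before normal request handling and hand the findings to whatever alerting channel the support staff already watch.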