According to both Gartner and NIST (National Institute of Standards and Technology), 92% of security vulnerabilities are now found in software. Within the industry, multiple layers of protection offer a defence-in-depth approach around IT infrastructures, with each layer filling the holes left by others.
There is a major industry need to identify emerging attacks against web applications and report them to the security community, in order to facilitate protection against such targeted attacks. We are leading the OWASP Web Honeypot project to produce community threat intelligence information.
The purpose of this part of the research is to capture intelligence on attacker activity against web applications and use this intelligence to protect software against attacks.
This could potentially involve the use of honeypots, an established industry technique that provides a realistic target to entice a criminal, like bees to a honeypot, whilst encouraging them to divulge the tools and techniques they use during an attack. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence provide no risk to the businesses implementing them.
The honeypots, deployed in a VM, in Docker or on small computing profiles like the Raspberry Pi, employ ModSecurity-based Web Application Firewall technology using OWASP's Core Rule Set. They push intelligence data back to a console, where it is converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.
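The conversion step described above can be sketched as follows. This is an added example, not code from the OWASP Web Honeypot project: the input field names assume the ModSecurity v3 JSON audit log layout, the sample log line is constructed, and `audit_to_stix` is a hypothetical helper name.

```python
import ipaddress, json, uuid
from datetime import datetime, timezone

# Namespace fixed by the STIX 2.1 spec for deterministic (UUIDv5) observable IDs.
STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed sample; field names assume the ModSecurity v3 JSON audit log layout.
SAMPLE_AUDIT_LINE = json.dumps({"transaction": {
    "client_ip": "203.0.113.7",
    "time_stamp": "Mon Mar 11 09:15:02 2024",
    "request": {"method": "GET", "uri": "/item?id=1%27%20OR%201=1"},
    "messages": [
        {"message": "SQL Injection Attack Detected via libinjection",
         "details": {"ruleId": "942100"}},
        {"message": "Inbound Anomaly Score Exceeded (Total Score: 5)",
         "details": {"ruleId": "949110"}}]}})

def _ts(dt):
    # STIX timestamps are RFC 3339 in UTC; created/modified need millisecond precision.
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (dt.microsecond // 1000)

def audit_to_stix(line):
    """Turn one audit log line into a STIX 2.1 bundle (address, observation, note)."""
    tx = json.loads(line)["transaction"]
    # Assumption: the honeypot clock is UTC; the log stamp carries no zone.
    seen = _ts(datetime.strptime(tx["time_stamp"], "%a %b %d %H:%M:%S %Y"))
    now = _ts(datetime.now(timezone.utc))
    addr = str(ipaddress.ip_address(tx["client_ip"]))  # rejects malformed input
    kind = "ipv6-addr" if ":" in addr else "ipv4-addr"
    # Observable IDs are UUIDv5 over the canonical JSON of the "value" property,
    # so every honeypot reporting this address emits the same object ID.
    canon = json.dumps({"value": addr}, separators=(",", ":"))
    ip = {"type": kind, "spec_version": "2.1", "value": addr,
          "id": "%s--%s" % (kind, uuid.uuid5(STIX_SCO_NS, canon))}
    obs = {"type": "observed-data", "spec_version": "2.1",
           "id": "observed-data--%s" % uuid.uuid4(), "created": now, "modified": now,
           "first_observed": seen, "last_observed": seen,
           "number_observed": 1, "object_refs": [ip["id"]]}
    rules = sorted({m["details"]["ruleId"] for m in tx.get("messages", [])})
    req = tx["request"]
    note = {"type": "note", "spec_version": "2.1", "id": "note--%s" % uuid.uuid4(),
            "created": now, "modified": now, "object_refs": [obs["id"]],
            "content": "%s %s matched CRS rules %s"
                       % (req["method"], req["uri"], ", ".join(rules))}
    return {"type": "bundle", "id": "bundle--%s" % uuid.uuid4(),
            "objects": [ip, obs, note]}

if __name__ == "__main__":
    print(json.dumps(audit_to_stix(SAMPLE_AUDIT_LINE), indent=2))
```

Because the address object's ID is derived from its value, a console aggregating bundles from many honeypots can merge sightings of the same source by ID alone.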
The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed.
This project is self-funded. Studentships for which funding is available are selected by a competitive process, and details are advertised on our jobs website as they become available.