[Dshield] in Toronto next week

Rick Leir rdshield at leirtech.com
Fri May 9 17:18:54 GMT 2008


 > if you
> happen to be in Toronto next week, I will talk about it during an OWASP 
> evening talk.

Here is the blurb, copied from the OWASP Toronto mailing list.  I wish I 
could attend.

Topic: A Distributed Web Application Honeypot
Time: May 13th 2008, 6:00-7:00 PM EST

Description: DShield.org has been extremely helpful in understanding
network based attacks. However, over the last few years many interesting
attacks target specific web application flaws which are not detected by
DShield's sensor system. Collecting similar data for web applications
has been challenging for a number of reasons. First of all, the data
needed to understand a web application attack is much richer and a
simple efficient data model as the one used by DShield will not provide
sufficient details. If more detailed data, like complete requests, are
collected, data privacy issues become more of a problem. Simple
obfuscation or pattern replacement techniques are usually not sufficient
to safeguard this information, or they will make it impossible to
understand the attack. Lastly, many web application attacks use search
engines to find vulnerable systems, instead of just attacking random
servers. Over the next few months we plan to roll out a distributed web
application honeypot. We will describe how this honeypot will be
implemented to address these issues.

May 13th between 6:00
PM -7:00 PM  at a Different Location Delta Meadowvale Resort &
Conference Center, 6750 Mississauga Road, Mississauga, ON CA



More information about the list mailing list