New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they’re looking for Oct 29, 2009 | 03:53 PM By Kelly Jackson Higgins DarkReading A next-generation Web server honeypot project is under way that poses as Web servers with thousands of vulnerabilities in order to gather firsthand data from real attacks targeting Websites. Unlike other Web honeypots, the new open-source Glastopf tool dynamically emulates vulnerabilities attackers are looking for, so it’s more realistic and can gather more detailed attack information, according to its developers.<\/p>\n","protected":false},"excerpt":{"rendered":"
“My project is the first Web application honeypot with a working vulnerability emulator able to respond properly to attacker requests,” says Lukas Rist, who created Glastopf.<\/p>\n
Unlike other Web honeypots that use templates posing as real Web apps, Glastopf basically adapts to the attack and can automatically detect and allow an unknown attack. The project uses a central database to gather the Web attack data from the Glastopf honeypot sensors installed by participants who want to share their data with the database.<\/p>\n
“The project will contribute real-world data and statistics about attacks against Web apps — an area where we do not have good collection tools yet,” says Thorsten Holz, Rist’s mentor on the project. “They can, for example, find compromised servers in their space that host PHP bots, or other data related to remote file inclusion vulnerabilities,” he says.<\/p>\n
http:\/\/darkreading.com\/database_security\/security\/app-security\/showArticle.jhtml?articleID=221300001<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-898","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=898"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/898\/revisions"}],"predecessor-version":[{"id":3385,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/898\/revisions\/3385"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}