Overview
Explore the world of web application honeypots and threat intelligence in this 31-minute OWASP Foundation talk by Adrian Winckles, Director of the Cyber Security & Networking Research Group at Anglia Ruskin University. Dive into the OWASP Web Application Honeypot Project, designed to identify and report emerging attacks against web applications. Learn about the collection, storage, and analysis of threat intelligence data, and discover how honeypots can provide realistic targets to entice attackers while revealing their tools and techniques. Examine the use of ModSecurity-based Web Application Firewall technology with OWASP's Core Rule Set, and understand how intelligence data is converted to STIX/TAXII format or visualized using ELK. Gain insights into the project's goals of creating globally distributed honeypots, aggregating attack techniques, and developing educational information for application writers. Explore the rich dataset available for post-attack forensics and incident response, and delve into topics such as WAF implementation, ModSecurity, proof of concept layouts, and future project stages.
Syllabus
Intro
Why OWASP Web Honeypots (Part 2)?
Consider the WAF - Web Application Firewall
The WAF as a Honeypot or Probe?
ModSecurity - An Open Source Web Application Firewall
Original Project
Proof of Concept Layout (in Docker format)
Honey Traps
Proposed Next Stages
Taught by
OWASP Foundation