Network Security: Detailed info on Re: Web Attack Data

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Web Attack Data - Apache

from [windo] Network Security

[Permanent Link]

Subject:	Re: Web Attack Data - Apache
Date:	Mon, 18 Oct 2004 17:40:16 +0300

Hi.

I was thinking the along the same lines. If you had an in-house cgi or 
other type of web application that you wrote, and you knew it was 
vulnerable, would you fix the code or write an IDS rule to see if anyone 
is exploiting it? It's obvious to me that you would fix the vulnerability.

In addition, IDSs and sniffers only log attempts of known 
vulnerabilities - they have no way of knowing if the attack is successful.


Running honeypots can give that sort of data. I've been wanting to do it
for some time but haven't really gotten around to, but there are a lot
of people who have, and be willing to share that data, for educational
purposes. at least i presume so.

check out http://www.honeynet.org/ for starters.

Siim Põder

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Web Attack Data - Apache, Ryan Barnett Re: Web Attack Data - Apache, Ido Rosen Re: Web Attack Data - Apache, richardw Re: Web Attack Data - Apache, windo <=

Previous by Date:	Re: Potential XSS errors when using information from HTTP requests, Paul Johnston
Next by Date:	RE: Potential XSS errors when using information from HTTP requests, Calderon, Juan Carlos (GE Commercial Finance, NonGE)
Previous by Thread:	Re: Web Attack Data - Apache, richardw
Next by Thread:	Potential XSS errors when using information from HTTP requests, V.Benjamin Livshits
Indexes:	[Date] [Thread] [Top] [All Lists]