web application honeypot – open security summit · 2020. 1. 17. · from honeypot devices. test...

Web Application Honeypot – Open Security Summit Adrian Winckles OWASP Cambridge Chapter leader Anglia Ruskin University – Course Leader

Post on 30-Jan-2021


  • Web Application Honeypot – Open Security Summit

    Adrian Winckles, OWASP Cambridge Chapter leader

    Anglia Ruskin University – Course Leader

  • Bio – Adrian Winckles

    • Adrian Winckles is Course Leader/Senior Lecturer for BSc (Hons) Information Security and Forensic Computing and Security Researcher at Anglia Ruskin University. He is OWASP Cambridge Chapter Leader, OWASP Europe Board Member and is involved in rebooting the Cambridge Cluster of the UK Cyber Security Forum.

    • His security research programs include (in)security of software defined networks/everything (SDN/SDx), novel network botnet detection techniques within cloud and virtual environments, distributed honeypots for threat intelligence, advanced educational techniques for teaching cybercrime investigation and virtual digital crime scene/incident simulation.

    • He has successfully completed a contribution to the European FP7 English Centre of Excellence for Cybercrime training, research and education (ECENTRE). He is vice chair of the BCS Cyber Forensics Special Interest Group.

  • Old Project

    • Old wiki entry – OWASP Wiki

    • Server backend removed when Ryan left Trustwave

    • VMs disappeared from WASC's projects repository

    • Expertise probably within ModSec Core Rule Set (CRS) Project

  • In the meantime

    • Does anyone have the old honeypot VMs?

    • Have intern creating new probe and backend server at PoC.

    • Will make backend server available to community as have some capacity in university datacentre.

  • Project Reboot

    • Update new wiki

    • Update new Github

    • Design and document a Proof of Concept System/Network Architecture to act as a testbed for future experimentation.

    • Develop and document a minimum of one virtual/physical honeypot device that can be deployed remotely either as a VM image, Docker container or a small factor device such as Raspberry Pi (with appropriate dummy web application)

    • Install and configure a backend server to receive ModSec communications from honeypot devices. Test at least one honeypot device to communicate with the server and receive attack alarms

    • Mechanism to update probe with any CRS changes

    • Development of a PoC mechanism to display honeypot alarms on backend server.

  • Futures

    • Docker based honeypot probe, small computing profile honeypot

    • Provide mechanism for providing open source threat intelligence to the community.

    • Provide mechanism for catching specific web vulnerabilities

  • Questions / Volunteers…