Web Application Honeypot

Track: DevSecOps
When: Thu PM-3
Where: Portland
Organizers Adrian Winckles Adrian Winckles
Participants Abhinav Sejpal Abhinav Sejpal , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Naushad S Naushad S , Orid Ahmed Orid Ahmed , Simon Pavillon Simon Pavillon , Stephanie Vanroelen Stephanie Vanroelen
Remote Participants Arushit Mudgal Arushit Mudgal , Harmeet Singh Harmeet Singh , Lubo Vikev Lubo Vikev , Mustaqiim Muhar Mustaqiim Muhar , Subash Subash , Sugumaran Uppili Sugumaran Uppili , Vandana Verma Vandana Verma

We’re rebooting the OWASP Distributed Web Application Honeypot Project which Ryan Barnett used to lead and fell dormant due to a change of employer. We now have the capacity to host a new community reporting server in ARU’s new research lab (as well as plenty of physical server capacity).

WHY

Planning to work with the OWASP ModSec Core Rule Set Project leaders to develop a new honeypot VM OVA/OVF (and potentially a docker image as well) based around the latest version of CRS as a way of generating threat intelligence data available to the community.

What

Web Application Threat Intelligence Architecture Design ModSec Console Server Console Implementation Development of new deployable VM (OVA/OVF) honeypot image Development of new deployable Docker honeypot image Small deployable footprint honeypot on Raspberry Pi. Threat Intelligence Community Information Disclosure

Outcomes

This working session will produce

Strategic Plan for Web Application Threat Intelligence Architecyture to populate wiki. New PoC Honeypots VM & Docker images development plans Console server setup and testing Community Information sharing policy

References

(…)

Previous

Register as participant

To register as participant add Web Application Honeypot to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions