Difference between revisions of "SANS Dshield Webhoneypot Project"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Jason_Lam.jpg|200px|thumb|right]]The DShield project has been providing the information security industry with early attack warning data for over 8 years. The project has recently been expanding the detection scope to web application attacks. Volunteers deploy web honeypots distributed around the globe. These honeypots collect full log details (including HTTP request header and body) for DShield to archive and analyze. In this presentation, the goals and architecture as well as the experience gained in designing and implementing the distributed honeypot application will be shared and discussed along with demonstrations of some of the more interesting results obtained. Audience members will be encouraged to participate and contribute to the project.
+
[[Image:Jason_Lam.jpg|200px|thumb|right|Jason Lam]]The DShield project has been providing the information security industry with early attack warning data for over 8 years. The project has recently been expanding the detection scope to web application attacks. Volunteers deploy web honeypots distributed around the globe. These honeypots collect full log details (including HTTP request header and body) for DShield to archive and analyze. In this presentation, the goals and architecture as well as the experience gained in designing and implementing the distributed honeypot application will be shared and discussed along with demonstrations of some of the more interesting results obtained. Audience members will be encouraged to participate and contribute to the project.
  
 
== The speaker  ==
 
== The speaker  ==

Latest revision as of 09:14, 20 October 2009

The presentation

Jason Lam
The DShield project has been providing the information security industry with early attack warning data for over 8 years. The project has recently been expanding the detection scope to web application attacks. Volunteers deploy web honeypots distributed around the globe. These honeypots collect full log details (including HTTP request header and body) for DShield to archive and analyze. In this presentation, the goals and architecture as well as the experience gained in designing and implementing the distributed honeypot application will be shared and discussed along with demonstrations of some of the more interesting results obtained. Audience members will be encouraged to participate and contribute to the project.

The speaker

Jason Lam is a senior security analyst at a global financial institution. He is also an author and instructor for the SANS Institute specializing in creating courses on web applications defense and penetration testing. In his free time he is an incident handler with the SANS Internet Storm Center. Recently, he took on the role to be a leader for the DShield honeypot project. The DShield Honeypot Project sets up, and monitors web application honeypots all over the world gathering their logs and performing important research and analysis on the latest trends and attacks.