The DShield project has been providing the information security industry with early attack warning data for over 8 years. The project has recently been expanding the detection scope to web application attacks. Volunteers deploy web honeypots distributed around the globe. These honeypots collect full log details (including HTTP request header and body) for DShield to archive and analyze. In this presentation, the goals and architecture as well as the experience gained in designing and implementing the distributed honeypot application will be shared and discussed along with demonstrations of some of the more interesting results obtained. Audience members will be encouraged to participate and contribute to the project.
Jason Lam is a senior security analyst at a global financial institution. He is also an author and instructor for the SANS Institute, specializing in creating courses on web application defense and penetration testing. In his free time he is an incident handler with the SANS Internet Storm Center. Recently, he took on the role of leader of the DShield honeypot project. The DShield Honeypot Project sets up and monitors web application honeypots all over the world, gathering their logs and performing important research and analysis on the latest trends and attacks.