Date: Tue, 30 Mar 2004 22:01:10 +0200
From: "Imperva Application Defense Center" <adc@...erva.com>
To: <bugtraq@...urityfocus.com>
Subject: White Paper - Web Application Worms: Myth or Reality?


Dear BugTraq List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve
the characteristics of a worm: anonymous origin, automated discovery of
vulnerable sites, automated exploit and self-propagation. The paper is
based on the research, led by Amichai Shulman, the company's CTO,
that was conducted by Imperva's Application Defense Center (ADC).  

Imperva's ADC has begun to see open discussion in the security community
around the theoretical use of search engines to automate the exploit of
vulnerabilities in custom application software. Experience shows that
this will lead, at some point, to a real worm targeting these
vulnerabilities. Putting the pieces together by conducting a controlled
feasibility study, and testing how self-propagation might be enabled,
validates the theory. It is important that the security community
address these issues before the hacking community does so we can enable
better defenses.

The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva
Inc.

Table of Contents:
	- Abstract
	- Introduction
	- Anatomy of an Automated Application Worm
	- War Searching
	- Advanced War Searching
	- The Search of Death
	- Conclusion

The paper can be downloaded at
http://www.imperva.com/application_defense_center/white_papers/default.asp?show=appworm

---
Imperva(tm) Application Defense Center (adc imperva com) 
http://www.imperva.com/adc


