<<< Date Index >>>     <<< Thread Index >>>

White Paper - Web Application Worms: Myth or Reality?



Dear BugTraq List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve
the characteristics of a worm: anonymous origin, automated discovery of
vulnerable sites, automated exploit and self-propagation. The paper is
based on the the research, led by Amichai Shulman, the company's CTO,
that was conducted by Imperva's Application Defense Center (ADC).  

Imperva's ADC has begun to see open discussion in the security community
around the theoretical use of search engines to automate the exploit of
vulnerabilities in custom application software. Experience shows that
this will lead, at some point, to a real worm targeting these
vulnerabilities. Putting the pieces together by conducting a controlled
feasibility study, and testing how self-propagation might be enabled,
validates the theory. It is important that the security community
address these issues before the hacking community does so we can enable
better defenses.

The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva
Inc.

Table of Contents:
        - Abstract
        - Introduction
        - Anatomy of an Automated Application Worm
        - War Searching
        - Advanced War Searching
        - The Search of Death
        - Conclusion

The paper can be downloaded at
http://www.imperva.com/application_defense_center/white_papers/default.a
sp?show=appworm

---
Imperva(tm) Application Defense Center (adc imperva com) 
http://www.imperva.com/adc