New Whitepaper: Stopping Automated Attack Tools

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: New Whitepaper: Stopping Automated Attack Tools
From: "Gunter Ollmann (NGS)" <gunter@xxxxxxxxxxxxxxx>
Date: Tue, 26 Apr 2005 19:04:03 +0100
In-reply-to:
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcUv1Eb1u+tx8X28T0q4UUfuOWd2vgAGQyNQAP1PUSAFqeSpcA==

Hi List,

There were a number of queries about my previous paper "Anti Brute Force
Reource Metering".  It appears that way too many people havn't yet gotten to
grips with some of the more standard/basic methods of preventing automated
tools from attacking a web-based application.

So, to help the community along, I've pulled together a new whitepaper
entitled "Stopping Automated Attack Tools" which covers the most
popular/efficient methods of ...wait for it... stopping automated attack
tools!

The paper covers the 10 most common/successful methods of actively
preventing/breaking/stopping attack tools when targeted at a web-based
application.  In addition, I've added three new groupings explaining how the
use of client-side code can strengthen these applications and work to defend
against current and future attack tools.  An analysis and comparison of the
different techniques is also made.

Paper Location:
http://www.ngssoftware.com/papers/StoppingAutomatedAttackTools.pdf


Paper Abstract:

An almost infinite array of automated tools exist to spider and mirror
application content, extract confidential material, brute force guess
authentication credentials, discover code-injection flaws, fuzz application
variables for exploitable overflows, scan for common files or vulnerable
CGI's, and generally attack or exploit web-based application flaws.  While
of great value to security professionals, the use of these tools by
attackers represents a clear and present danger to all organisations.
These automated tools have become increasingly popular for attackers seeking
to compromise the integrity of online applications, and are used during most
phases of an attack.  Whilst there are a number of defence techniques which,
when incorporated into a web-based application, are capable of stopping even
the latest generation of tools, unfortunately most organisations have failed
to adopt them.
This whitepaper examines techniques which are capable of defending an
application against these tools; providing advice on their particular
strengths and weaknesses and proposing solutions capable of stopping the
next generation of automated attack tools.



Anyhow, I imagine that the paper will be of use to most of you out
there...pass it to your organisations web-app developers and get them to
read it and implement some of the security techniques.  I know my clients
will be making good use of the information ;-)


Cheers,

Gunter Ollmann


------------------------------------------------------
G u n t e r   O l l m a n n,            MSc(Hons), BSc
Professional Services Director                        
                                                      
Next  Generation  Security  Software  Ltd.            
First Floor, 52 Throwley Way  Tel: +44 (0)208 401 0070
Sutton, Surrey, SM1 4BF, UK   Fax: +44 (0)208 401 0076
http://www.nextgenss.com    http://www.ngssoftware.com
------------------------------------------------------

Prev by Date: ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit
Next by Date: [ GLSA 200504-26 ] Convert-UUlib: Buffer overflow
Previous by thread: ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit
Next by thread: [ GLSA 200504-26 ] Convert-UUlib: Buffer overflow
Index(es):
- Date
- Thread