WebApp Sec mailing list archives

White Paper - Web Application Worms: Myth or Reality?


From: "Imperva Application Defense Center" <adc () imperva com>
Date: Tue, 30 Mar 2004 21:59:04 +0200

Dear WebAppSec List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve
the characteristics of a worm: anonymous origin, automated discovery of
vulnerable sites, automated exploit and self-propagation. The paper is
based on the research, led by Amichai Shulman, the company's CTO,
that was conducted by Imperva's Application Defense Center (ADC).  

Imperva's ADC has begun to see open discussion in the security community
around the theoretical use of search engines to automate the exploit of
vulnerabilities in custom application software. Experience shows that
this will lead, at some point, to a real worm targeting these
vulnerabilities. Putting the pieces together by conducting a controlled
feasibility study, and testing how self-propagation might be enabled,
validates the theory. It is important that the security community
address these issues before the hacking community does so we can enable
better defenses.

The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva
Inc.

Table of Contents:
        - Abstract
        - Introduction
        - Anatomy of an Automated Application Worm
        - War Searching
        - Advanced War Searching
        - The Search of Death
        - Conclusion

The paper can be downloaded at
http://www.imperva.com/application_defense_center/white_papers/default.asp?show=appworm

---
Imperva(tm) Application Defense Center (adc imperva com)
http://www.imperva.com/adc

