WebApp Sec mailing list archives
Re: White Paper - Web Application Worms: Myth or Reality?
From: Daniel <daniel () dev ugc-labs co uk>
Date: 31 Mar 2004 09:18:09 -0000
In-Reply-To: <96242ACDF1723A4BBF70D21211FB9B23586D0A () shrek webcohort com> (disclaimer) this isn't meant to start a flame war There seems to be a large amount of ifs and what if in this paper. The most popular automated web application scanners still miss simple vulnerabilities in an application, so how will a blindly guided piece of worm code resolve this? Take for example SQL injection in a bespoke application. First the worm needs to discover that they can bypass the input validation scheme in place and force the app to accept the SQL query. It then needs to determine what they can manipulate on the database itself. Once this is all done, the worm needs to start its attack sequence and eventually start a listener on the database itself or perform some other task. I know a large amount of people that have problems with this let alone a worm. Daniel
Received: (qmail 20045 invoked from network); 30 Mar 2004 20:50:03 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 30 Mar 2004 20:50:03 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing2.securityfocus.com (Postfix) with QMQP id D08C08FE3D; Tue, 30 Mar 2004 08:32:59 -0700 (MST) Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <webappsec.list-id.securityfocus.com> List-Post: <mailto:webappsec () securityfocus com> List-Help: <mailto:webappsec-help () securityfocus com> List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com> List-Subscribe: <mailto:webappsec-subscribe () securityfocus com> Delivered-To: mailing list webappsec () securityfocus com Delivered-To: moderator for webappsec () securityfocus com Received: (qmail 17881 invoked from network); 30 Mar 2004 13:49:08 -0000 X-MIMEOLE: Produced By Microsoft Exchange V6.0.6487.1 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: White Paper - Web Application Worms: Myth or Reality? Date: Tue, 30 Mar 2004 21:59:04 +0200 Message-ID: <96242ACDF1723A4BBF70D21211FB9B23586D0A () shrek webcohort com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: White Paper - Web Application Worms: Myth or Reality? Thread-Index: AcQWkWXlPB/Phh6pT9WXcihfgdCqOA== From: "Imperva Application Defense Center" <adc () imperva com> To: <webappsec () securityfocus com> Dear WebAppSec List, Imperva(tm)'s Application Defense Center (ADC) has released a new white paper. The new paper demonstrates the feasibility of launching worms that attack custom Web application software automatically. These methodologies leverage common Web search engine technologies to achieve the characteristics of a worm: anonymous origin, automated discovery of vulnerable sites, automated exploit and self-propagation. The paper is based on the the research, led by Amichai Shulman, the company's CTO, that was conducted by Imperva's Application Defense Center (ADC). =20 Imperva's ADC has begun to see open discussion in the security community around the theoretical use of search engines to automate the exploit of vulnerabilities in custom application software. Experience shows that this will lead, at some point, to a real worm targeting these vulnerabilities. Putting the pieces together by conducting a controlled feasibility study, and testing how self-propagation might be enabled, validates the theory. It is important that the security community address these issues before the hacking community does so we can enable better defenses. The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva Inc. Table of Contents: - Abstract - Introduction - Anatomy of an Automated Application Worm - War Searching - Advanced War Searching - The Search of Death - Conclusion The paper can be downloaded at http://www.imperva.com/application_defense_center/white_papers/default.a sp?show=3Dappworm --- Imperva(tm) Application Defense Center (adc imperva com) http://www.imperva.com/adc
Current thread:
- White Paper - Web Application Worms: Myth or Reality? Imperva Application Defense Center (Mar 30)
- <Possible follow-ups>
- Re: White Paper - Web Application Worms: Myth or Reality? Daniel (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? stephen (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? Amichai Shulman (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? Amichai Shulman (Mar 31)