WebApp Sec mailing list archives

Re: White Paper - Web Application Worms: Myth or Reality?

From: Daniel <daniel () dev ugc-labs co uk>
Date: 31 Mar 2004 09:18:09 -0000

In-Reply-To: <96242ACDF1723A4BBF70D21211FB9B23586D0A () shrek webcohort com>

(disclaimer) this isn't meant to start a flame war

There seems to be a large amount of ifs and what if in this paper. 

The most popular automated web application scanners still miss simple vulnerabilities in an application, so how will a 
blindly guided piece of worm code resolve this?

Take for example SQL injection in a bespoke application. First the worm needs to discover that they can bypass the 
input validation scheme in place and force the app to accept the SQL query. It then needs to determine what they can 
manipulate on the database itself. Once this is all done, the worm needs to start its attack sequence and eventually 
start a listener on the database itself or perform some other task.
 
I know a large amount of people that have problems with this let alone a worm.


Daniel

Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm
Precedence: bulk
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: White Paper - Web Application Worms: Myth or Reality?
Date: Tue, 30 Mar 2004 21:59:04 +0200
Message-ID: <96242ACDF1723A4BBF70D21211FB9B23586D0A () shrek webcohort com>
Thread-Topic: White Paper - Web Application Worms: Myth or Reality?
Thread-Index: AcQWkWXlPB/Phh6pT9WXcihfgdCqOA==
From: "Imperva Application Defense Center" <adc () imperva com>
To: <webappsec () securityfocus com>

Dear WebAppSec List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve
the characteristics of a worm: anonymous origin, automated discovery of
vulnerable sites, automated exploit and self-propagation. The paper is
based on the the research, led by Amichai Shulman, the company's CTO,
that was conducted by Imperva's Application Defense Center (ADC). =20

Imperva's ADC has begun to see open discussion in the security community
around the theoretical use of search engines to automate the exploit of
vulnerabilities in custom application software. Experience shows that
this will lead, at some point, to a real worm targeting these
vulnerabilities. Putting the pieces together by conducting a controlled
feasibility study, and testing how self-propagation might be enabled,
validates the theory. It is important that the security community
address these issues before the hacking community does so we can enable
better defenses.

The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva
Inc.

Table of Contents:
      - Abstract
      - Introduction
      - Anatomy of an Automated Application Worm
      - War Searching
      - Advanced War Searching
      - The Search of Death
      - Conclusion

The paper can be downloaded at
http://www.imperva.com/application_defense_center/white_papers/default.a
sp?show=3Dappworm

---
Imperva(tm) Application Defense Center (adc imperva com)
http://www.imperva.com/adc

Current thread:

White Paper - Web Application Worms: Myth or Reality? Imperva Application Defense Center (Mar 30)
- <Possible follow-ups>
- Re: White Paper - Web Application Worms: Myth or Reality? Daniel (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? stephen (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? Amichai Shulman (Mar 31)
- RE: White Paper - Web Application Worms: Myth or Reality? Amichai Shulman (Mar 31)