An Innovative Security Strategy using Reactive Web Application Honeypot
This work addresses security for organizations relying on web applications, but it appears incremental as it builds on existing honeypot frameworks like SNARE and TANNER.
The paper tackles the problem of protecting web applications from diverse cyber-attacks by proposing a low-interaction, adaptive, and dynamic web application honeypot that imitates vulnerabilities through HTTP events, using SNARE to create an attack surface and TANNER for analysis and response composition.
Nowadays, web applications have become most prevalent in the industry, and the critical data of most organizations stored using web apps. Hence, web applications a much bigger target for diverse cyber-attacks, which varies from database injections-SQL injection, PHP object injection, template injection, XML external entity injection, unsanitized input attacks- Cross-Site Scripting(XSS), and many more. As mitigation for them, among many proposed solutions, web application honeypots are a much sophisticated and powerful protection mechanism. In this paper, we propose a low interaction, adaptive, and dynamic web application honeypot that imitates the vulnerabilities through HTTP events. The honeypot is built with SNARE and TANNER; SNARE creates the attack surface and sends the requests to TANNER, which evaluates them and decides how SNARE should respond to the requests. TANNER is an analysis and classification tool, which analyzes and evaluates HTTP requests served by SNARE and to compose the response, it is powered by emulators, which are engines used for the emulation of vulnerabilities.