By Kelly Jackson Higgins
Oct 29, 2009

A next-generation Web server honeypot project is under way that poses as
Web servers with thousands of vulnerabilities in order to gather
firsthand data from real attacks targeting Websites.

Unlike other Web honeypots, the new open-source Glastopf tool
dynamically emulates vulnerabilities attackers are looking for, so it's
more realistic and can gather more detailed attack information,
according to its developers. "Many attackers are checking the
vulnerability of the application before they inject malicious code. My
project is the first Web application honeypot with a working
vulnerability emulator able to respond properly to attacker requests,"
says Lukas Rist, who created Glastopf.

Rist, a student, built Glastopf through the Google Summer of Code (GSoC)
2009 program, where student developers write code for open-source projects.
His Web honeypot was one of the Honeynet Project's GSoC projects.

Unlike other Web honeypots that use templates posing as real Web apps,
Glastopf basically adapts to the attack and can automatically detect and
allow an unknown attack. Glastopf uses known vulnerability signatures
and also records the keywords an attacker uses when visiting the
honeypot, so that it gets indexed in search engines, which
attackers often use to find new targets. The project uses a central
database to gather the Web attack data from the Glastopf honeypot
sensors installed by participants who want to share their data with the