Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 44019 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Kharrazi, Mehdi
- Abstract:
- With the rapid growth of Internet popularity, web applications are growing in usage and complexity, and therefore, are attractive targets for attackers. Increasing number of services and amount of information stored in the Internet, stimulates attackers to focus on these kind of applications. On the other hand, security specialists are deploying different solutions to mitigate such threats. One of these solutions are Honeypot systems. In contrast with other security solutions, honeypots are not designed to defend against attackers directly. Honeypots, rather, are planned to gather data about what attackers do. This information can help security administrators to learn and understand attackers behavior, their attack vectors and their goals. Also, honeypots will waste attacker time trying intrude the trap. In network security, Honeypots are popular and widely used. In the Web, however, honeypots are not so idespread, because introduced solutions are not able meet special requirements that a web application honeypot needs to answer in the Web. In this research, we have tried to look in to those requirements and propose a honeypot system which satisfies them. In the proposed solution, we get help from a real and functioning web application to attract attackers and keep them busy in the trap. We implement a simple honeypot based on our design as a proof of concept. We have evaluated the system by deploying it in front of a security competition portal, attracting attackers to take down the portal and fall in the trap. Obtained results showed that this honeypot can help security administrators in finding new vulnerabilities, as well as other useful information like attractive parts of application and their popular ways of attacking
- Keywords:
- Honeypot ; Application Security ; Application Vulnerability ; Forensics ; Vulnerability Scanning ; Intrusion Detection System ; Web Application
Digital Object List
محتواي کتاب
Bookmark