Honeypots, Dorks and a protective SQL Injection.

by Garcello D
The Article I decided to blog about this week is called “Glasopf Web application honeypot gets SQL injection emulation capability,” it is written by Lucian Constantin on pcworld.com. So basically the Honeynet Project is a none-profit organization that develops open source security research tools. It created a component for the honeypot software that can emulate applications vulnerable to SQL injection attacks which trick attackers into revealing their intentions.  For starters what you are probably wondering is what is a honeypot? Well a honeypot is a system that is intentionally left vulnerable so that it can collect technical information about attacks. The gained information can then be used to strengthen the security of other real systems that are found on the same network, or to develop attack signatures for security products like firewalls. Honeypots can also be used by researchers to discover previously unknown attacks and undetected malware or they can be used by businesses to understand how a system exposed that is exposed to the internet can be targeted by hackers. The title of the article mentions the word Glasopf, which is a honeypot tool created by the people involved in the honeynet project. Glastopf is kind of like a Dummy that attracts attackers because it consists of a web server that dynamically emulates vulnerable web applications in order to attract attackers. Glastopf has been in development since 2009, until recently it wasn’t able to emulate SQL injection vulnerabilities which is important because it commonly attracts attackers. Now it can because the Honeynet project released an SQL injection handler, a new component which allows it to emulate the injection vulnerabilities. This component can emulate a bunch of vulnerabilities at once which they call dorks, so when attackers use the search engines to locate their prey there’s a high chance they will encounter a dork without knowing it. The component is still new though and its future reports will show just how effective it is.

I chose to write about this article this week because we were introduced to SQL this week, and for me personally it is interesting to think about the security of something I am using or creating. It’s also interesting to learn how hackers attempt to steal and or manipulate your database by changing the SQL commands to their favor. The article sparked my attention even more because it shows the security side fighting back with a trick up their sleeve, I am glad to have gained new knowledge specifically the fact that I can now comfortably explain to someone what a honeypot and a dork is.

Constantin, Lucian  (September 12, 2012) “Glastopf Web application honeypot gets SQL injection emulation capability”

Retrieved from: http://www.pcworld.com/article/262081/glastopf_web_application_honeypot_gets_sql_injection_emulation_capability.html

One thought on “Honeypots, Dorks and a protective SQL Injection.

  • November 11, 2012 at 11:01 pm

    Your article title caught my attention (Honeypots & Dorks) and I found it very interesting. I was relieved to read that Honeypot and DARPA were able to construct a SQL injection emulator as it will make countering future SQL injections a bit easier. I was surprised to read from the original article that the average SQLi attacks was 17.5 between December 2011 and May 2012 with the worse case for a web application was 320 times! I definitely use the Honeypot project for reference along with another helpful resource that I mention in my blog, “Tips to Reject SQL Inject.”

Comments are closed.