Dear BugTraq List, Imperva(tm)'s Application Defense Center (ADC) has released a new white paper. The new paper demonstrates the feasibility of launching worms that attack custom Web application software automatically. These methodologies leverage common Web search engine technologies to achieve the characteristics of a worm: anonymous origin, automated discovery of vulnerable sites, automated exploit and self-propagation. The paper is based on the the research, led by Amichai Shulman, the company's CTO, that was conducted by Imperva's Application Defense Center (ADC). Imperva's ADC has begun to see open discussion in the security community around the theoretical use of search engines to automate the exploit of vulnerabilities in custom application software. Experience shows that this will lead, at some point, to a real worm targeting these vulnerabilities. Putting the pieces together by conducting a controlled feasibility study, and testing how self-propagation might be enabled, validates the theory. It is important that the security community address these issues before the hacking community does so we can enable better defenses. The paper was written by Amichai Shulman, Co-Founder and CTO, Imperva Inc. Table of Contents: - Abstract - Introduction - Anatomy of an Automated Application Worm - War Searching - Advanced War Searching - The Search of Death - Conclusion The paper can be downloaded at http://www.imperva.com/application_defense_center/white_papers/default.a sp?show=appworm --- Imperva(tm) Application Defense Center (adc imperva com) http://www.imperva.com/adc
