On Fri, 12 Jan 2007 bugtraq@xxxxxxxxxxxxxxx wrote:
> The Web Application Security Consortium is also doing such a project at
> http://www.webappsec.org/projects/honeypots/ . May be worthwhile to share data perhaps?

My thoughts exactly!

Although.. it is high time we started getting out of the mindset that web security equals code security (application security), it doesn't. Most of these application security issues are important, if not very much so, but no matter how not trivial it is, they are completely solvable.

It's time to get rid of useless application firewalls, etc. and face the music that there is currently a world of attacks we don't escalate against and mostly do not know how to defend against on a large scale.

Take a look at zone-h if you need a reality check.

Most of the attacks described in my email are happening from the same IP addresses, this is open relay days all over again, and it's time to wake up and start the spam war.

Mitigate the threats by taking down bad sites, filter out bad URLs, filter out attacking IP addresses, detect Linux and webserver malware, etc.

Naturally, also remember the coding issues that caused it, and how we can fix them. We should also not forget PHP and its contribution to this mess.

Gadi.