Stopping Automated Attack Tools – Whitepaper from NGS with a collection of techniques you can use in Web applications to break, confuse, or detect vulnerability scanners when they come to visit (PDF).
– From The Daily Grind
Distracting the Mind with Information Overload
Stopping Automated Attack Tools – Whitepaper from NGS with a collection of techniques you can use in Web applications to break, confuse, or detect vulnerability scanners when they come to visit (PDF).
– From The Daily Grind
A great way to do it is also to attack yourself. You then see both sides of the equation.
We use ScanAlert, who regularly “audit” (read “attack using many vectors”) our various eCommerce outlets. This generates a report of potential vulnerabilities which they provide, but also provides us with our own data as a result of the attacks. Internally, we get how these attacks manifest themselves by .NET exception traps, validation traps etc. being audited. (eg. yesterday, I had a mailbox with over 1,000 audit events which had to be checked against the attack vectors)
All systems okay!