Columbus OWASP Meeting Presentation

Last week, I presented at the Columbus OWASP meeting on defensive fuzzing, tampering with production web applications as a defensive tactic and some of the other odd stuff we have done in that arena. 

The presentation was called “Hey, You Broke My Web Thingee :: Adventures in Tampering with Production” and I had a lot of fun giving the talk. The crowd interaction was excellent and a lot of folks have asked for the slide deck from the talk, so I wanted to post it here.

If you missed the talk in person, feel free to reach out on Twitter (@lbhuston) and engage with me about the topics. I’d love to discuss them some more. Please support OWASP by joining it as a member. These folks do a lot of great work for the community and the local chapter is quite active these days! 

OWASP Talk Scheduled for Sept 13 in Columbus

I have finally announced my Columbus OWASP topic for the 13th of September (Thursday). I hope it turns out to be one of the most fun talks I have given in a long while. I am really excited about the chance to discuss some of this in public. Here’s the abstract:

Hey, You Broke My Web Thingee! :: Adventures in Tampering with Production

Abstract:
The speaker will tell a few real world stories about practical uses of his defensive fuzzing techniques in production web applications. Examples of fighting with things that go bump in the web to lower deployment costs, unexpected application errors and illicit behavior will be explained in some detail. Not for the “play by the book” web team, these techniques touch on unconventional approaches to defending web applications against common (and not so common) forms of waste, fraud and abuse. If the “new Web” is a thinking admin’s game, unconventional wisdom from the trenches might just be the game changer you need.

You can find out more about attending here. Hope to see you in the crowd!

PS – I’ll be sharing the stage with Jim Manico from White Hat Security, who is always completely awesome. So, come out and engage with us!

Audio Blog Post: Defensive Fuzzing and MSI’s Patent

What goes into getting a patent? The answer would be: a lot of work! Brent Huston, CEO and Founder of MicroSolved, Inc., talks with Chris Lay, Account Executive, about MSI’s first patent for HoneyPoint’s defensive fuzzing capability. In this audio blog post, you’ll learn:

  • What is the patent about?
  • What is defensive fuzzing?
  • What went into the patent process?

Grab a drink and take a listen. As always, let us know what you think!

Click here to listen.

And don’t forget, you can follow Brent Huston on Twitter at @lbhuston and Chris Lay at @getinfosechere!

MicroSolved, Inc. Receives U.S. Patent For HoneyPoint Defensive Fuzzing InfoSec Tool

MicroSolved, Inc. is pleased to announce that they have received a U.S. Patent (8,196,204 B2) on June 5, 2012, on technology components of their product HoneyPoint Security Server. This technology, known as “defensive fuzzing,” and the improvement mechanisms associated with it are a core component of creating self-defending implementations with HoneyPoint. 

The defensive fuzzing mechanism allows a computer network’s HoneyPoints to listen for an incoming connection from an attacker, and then disrupt that connection by tampering with the expected responses — in essence “fuzzing” the conversation. In many cases, this can confuse or crash the attacker’s tools or malware, limiting their capability to perform further attacks or damage.

The patent also covers a quality improvement technique for HoneyPoint technology. As the defensive fuzzing occurs, HoneyPoint tracks how successful it was with a given fuzzing technique. It has the ability to share that knowledge among various HoneyPoints so that as the system gets better with defensive fuzzing, the entire distributed system gets better at protecting the user’s environment.

This feature of MSI’s HoneyPoint detection system takes a passive defense and turns it into an active defense that can protect itself without human intervention.
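The tamper, track and share loop described above can be illustrated with the following added example. It is not MicroSolved's or HoneyPoint's code and not the patented method. The decoy banner, the four strategy names, the smoothed success rate, and the meaning of "disrupted" (assumed here to be a flag the listener sets when the client drops the session right after the tampered reply) are all assumptions made for illustration.

```python
import random
from collections import defaultdict

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed decoy banner

# Hypothetical tampering strategies; each returns a malformed variant of the reply.
STRATEGIES = {
    "truncate":   lambda r, rng: r[: len(r) // 2],
    "no_newline": lambda r, rng: r.rstrip(b"\r\n"),
    "repeat":     lambda r, rng: r * 64,
    "flip_bytes": lambda r, rng: bytes(b ^ rng.randrange(256) for b in r),
}

class FuzzStats:
    """Per-strategy [disrupted, attempts] counters kept by one decoy listener."""
    def __init__(self):
        self.counts = defaultdict(lambda: [0, 0])

    def record(self, name, disrupted):
        # 'disrupted' is an assumed signal supplied by the listener (see lead-in).
        self.counts[name][0] += int(disrupted)
        self.counts[name][1] += 1

    def rate(self, name):
        hit, tries = self.counts[name]
        return (hit + 1) / (tries + 2)  # smoothed, so untried strategies score 0.5

    def merge(self, other):
        # Fold in another listener's counters so every node benefits from its results.
        for name, (hit, tries) in other.counts.items():
            self.counts[name][0] += hit
            self.counts[name][1] += tries

    def choose(self, rng, explore=0.1):
        # Mostly use the best-scoring strategy, occasionally try another one.
        if rng.random() < explore:
            return rng.choice(sorted(STRATEGIES))
        return max(sorted(STRATEGIES), key=self.rate)

def tampered_reply(stats, rng, reply=BANNER):
    """Pick a strategy from the shared statistics and return (name, malformed reply)."""
    name = stats.choose(rng)
    return name, STRATEGIES[name](reply, rng)
```

A listener would call `tampered_reply` when a connection arrives on the decoy port, send the returned bytes, and then call `record` with the observed outcome before periodically exchanging counters with its peers through `merge`.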

“At MSI, we are truly committed to helping organizations protect their information assets, and we see this patent on defensive fuzzing as the next logical extension in helping organizations achieve high levels of protection with lower levels of resource requirements,” said Brent Huston, CEO and Founder of MicroSolved, Inc. “We are truly dedicated to extending even further in the future, the capability for organizations to defend their intellectual property.”

For more information about HoneyPoint, please visit our HoneyPoint webpage. To learn more about MicroSolved, Inc., visit www.microsolved.com.