secappdev.org's video: Watching the attackers with a web honeypot - Aur lien Francillon

Compromised websites are often used by attackers to deliver malicious content or to host phishing pages designed to steal private information from their victims. In a first part of the talk I will describe Eurecom's web honeypot, a set of deliberately vulnerable web applications that are regularly compromised by real attackers. In a second part of the talk, I will describe tests we performed on the ability of specialized monitoring services and web hosting providers to detect compromised websites and how they react to user complaints. This lecture was delivered in a meeting of the Belgian chapter of OWASP on February 24th 2015 in Leuven. Aurélien Francillon is an assistant professor in the Networking and Security department at EURECOM, where he is co-heading the System and Software Security group. Prior to that he obtained a PhD from INRIA and Grenoble INP and then spent 2 years as a postdoctoral researcher in the System Security Group at ETH Zurich. He is mainly interested in practical aspects of the security of embedded devices. In this context he has worked on topics such as code injection, code attestation, random number generation, hardware support for software security, bug finding techniques as well as on broader security and privacy topics. He served in many program committees and was program co-chair of CARDIS 2013.