This was the presentation I did at the first annual AppSec Pacific Northwest conference. (pnwcon.com)
In this presentation you'll learn how to build into your web apps small “tripwires” that will help you detect if hackers are enumerating your systems, bypassing security controls or otherwise gaining unauthorized access to code, data or infrastructure.
Sometimes called canary tokens, other times honeytokens, these bits of code will help your DevOps, CloudOps and SecOps teams get notified when nefarious activity may be present in your staging and production systems, long before it would typically be detected. They can also help align indicators of compromise (IoCs) in your applications with attacker attribution, so your operations team can pinpoint threats much earlier in the attack chain.
In the end, you will have AllTheThings you need to leverage decoys and deception to detect and defend your web applications.
5 Oct 2024