https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Andrey+KomarovOWASP - User contributions [en]2026-05-31T13:23:44ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Scada_Security_Project&diff=147260OWASP Scada Security Project2013-03-09T08:24:43Z<p>Andrey Komarov: </p>
<hr />
<div>=Main=<br />
Security of SCADA is great challenge and WEB-applications play huge role in it. The Project aims to research modern SCADA security issues, related to WEB-applications security used in vendors solutions (ICS, SCADA, RTU, PLC, equipment for industrial networks and etc.). According to the statistics, one of the most popular remote attack vectors on SCADA is fingerprinting of exposed industrial devices by its front-ends and server-side components through application procols (HTTP, UPnP, SNMP, FTP, SSH, Telnet). It helps the hackers to detect critical infrastructures, as well as signatures of smart-metering devices, HVAC, medical devices. The idea os the project is to gather information about the ways of improving the security measures in modern ICS environments and to create guidelines for it's hardering. <br />
<br />
=Project About=<br />
{{:Projects/OWASP_Scada_Security_Project}} <br />
<br />
[[Category:OWASP Project]]</div>Andrey Komarovhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Scada_Security_Project&diff=147255Projects/OWASP Scada Security Project2013-03-09T08:12:40Z<p>Andrey Komarov: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Scada Security Project<br />
| project_home_page =OWASP_Scada_Security_Project<br />
| project_description =The primary aim of OWASP SCADA Security project is to gather information about different ICS/SCADA security threats related to WEB-applications and it’s environments, starting from reconnaissance (“foorprinting”) stage to vulnerabilities exploitation. <br />
<br />
Primary goals:<br><br />
-to aware ICS/SCADA developers about security vulnerabilities by providing information about found WEB-application viulnerabilities in software and firmware on famous vendors;<br><br />
-to create and publish freeware and open-source tools for ICS/SCADA security assessment written on scripting languages. <br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Andrey Komarov<br />
| leader_email1 =Andrey.Komarov@owasp.org <br />
| leader_username1 =This is the wiki account for the leader<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_scada_security_project<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Scada_Security_Project/Roadmap<br />
}}</div>Andrey Komarovhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Scada_Security_Project/Roadmap&diff=147254Projects/OWASP Scada Security Project/Roadmap2013-03-09T08:12:00Z<p>Andrey Komarov: </p>
<hr />
<div>03.2013 – to create a “SCADA footprinting” cheetsheat;<br />
<br />
04.2013 – to create a “RTU & ICS telemetry devices footprinting” cheetsheat (Cheet Sheet will be updated); <br />
<br />
07.2013 – to create open-source footprinting library or tool;<br />
<br />
09.2013 – to create a prototype of IDS/IPS system on WEB-application threats related to ICS/SCADA, to formalize attack patterns;<br />
<br />
10.2013 – to create a library of IDS/IPS or honeypot system for WEB-environments acting as honeypot on standart WEB-servers for malicious activities detection and prevention. <br />
<br />
12.2013 – to create Hardering Guide for the most popular WEB-applications front-ends and server-side applications written on scripting languages used in ICS/SCADA of famous technological vendors. <br />
<br />
01.2014 – to create cyber intelligence module for ICS/SCADA/RTUs WEB-applications detection, to improve “SCADA footprinting” and “RTU & ICS telemetry devices footprinting” cheetsheats.</div>Andrey Komarovhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Scada_Security_Project/Releases/Current&diff=147246Projects/OWASP Scada Security Project/Releases/Current2013-03-09T07:47:16Z<p>Andrey Komarov: </p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Scada Security Project<br />
| project_home_page = OWASP Scada Security Project<br />
| release_name = SCADA/RTU/PLC detection cheet sheet<br />
| release_date = 09.03.2013<br />
<br />
| release_description = The signatures for the most popular SCADA/RTU/PLC products of famous vendors. It covers several methods of detection through the application level protocols such as HTTP, FTP, SSH. The aim of the cheet sheet is to gather information about the criteria useful for external reconnaissance stage from the hacker side. Additionally, this information will be used for the SCADA Honeypot developing within the project. The file will be regularly updated, feel free to send own signatures and methods of detection.<br />
<br />
'''Release Description'''<br />
<br />
| release_license = Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| release_download_link = https://www.owasp.org/index.php/File:SCADA_detection_cheat_sheet_-_v.1.0.xlsx<br />
<br />
| leader_name1 = Andrey Komarov<br />
| leader_email1 = andrey.komarov@owasp.org<br />
| leader_username1 = 12837<br />
<br />
| release_notes = Additional Notes<br />
}}</div>Andrey Komarovhttps://wiki.owasp.org/index.php?title=File:SCADA_detection_cheat_sheet_-_v.1.0.xlsx&diff=147126File:SCADA detection cheat sheet - v.1.0.xlsx2013-03-08T21:11:54Z<p>Andrey Komarov: The signatures for the most popular SCADA/RTU/PLC products of famous vendors. It covers several methods of detection through the application level protocols such as HTTP, FTP, SSH. The aim of the cheet sheet is to gather information about the criteria use</p>
<hr />
<div>The signatures for the most popular SCADA/RTU/PLC products of famous vendors. It covers several methods of detection through the application level protocols such as HTTP, FTP, SSH. The aim of the cheet sheet is to gather information about the criteria useful for external reconnaissance stage from the hacker side. Additionally, this information will be used for the SCADA Honeypot developing within the project. The file will be regularly updated, feel free to send own signatures and methods of detection.</div>Andrey Komarovhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Scada_Security_Project&diff=147125Projects/OWASP Scada Security Project2013-03-08T20:52:17Z<p>Andrey Komarov: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Scada Security Project<br />
| project_home_page =OWASP_Scada_Security_Project<br />
| project_description =The primary aim of OWASP SCADA Security project is to gather information about different ICS/SCADA security threats related to WEB-applications and it’s environments., starting from econnaissance (“foorprinting”) stage to vulnerabilities exploitation. <br />
<br />
Primary goals:<br><br />
-to aware ICS/SCADA developers about security vulnerabilities by providing information about found WEB-application viulnerabilities in software and firmware on famous vendors;<br><br />
-to create and publish freeware and open-source tools for ICS/SCADA security assessment written on scripting languages. <br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Andrey Komarov<br />
| leader_email1 =Andrey.Komarov@owasp.org <br />
| leader_username1 =This is the wiki account for the leader<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_scada_security_project<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Scada_Security_Project/Roadmap<br />
}}</div>Andrey Komarov