
Clubbing WebApps with a Botnet

From OWASP

The presentation

The lonely hacker taking pot-shots at a Web application, seeking out an exploitable flaw, is quickly going the way of the dinosaur. Why try to hack an application from a solitary host using a single suite of tools when you can distribute and load-balance the attack amongst a global collection of anonymous bots, and even ramp up the pace of attack by several orders of magnitude? If you're going to _really_ hack a Web application for commercial gain, the everyday botnet is now core equipment in an attacker's arsenal. Sure, DDoS and other saturation attacks are possible, but the real benefits of employing botnets to hack Web applications come from their sophisticated scripting engines and command & control, which allow even onerous blind-SQL-injection attacks to be conducted in minutes rather than days. If someone's clubbing your Web application with a botnet, where are your weaknesses and how much time have you really got?
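The defensive consequence of the abstract's point is that a blind-injection campaign spread across a botnet looks different in your access logs from a single scanner: each source IP sends only one or two requests, so per-IP rate limiting never fires, while the targeted parameter sees a steady stream of boolean and time-delay probes. The following is an added detection example written for this page, not code from the talk or from Damballa; the log lines are constructed, the probe patterns are a heuristic rather than an SQL grammar, and the thresholds (`min_sources`, `min_probes`) are assumed tuning values. It keys the aggregation on the targeted path and parameter instead of on the source address, which is what makes a distributed campaign visible.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache common log format (not from the page).
# Hosts 10.0.0.2 to 10.0.0.7 each send a single probe against /item?id, which
# is how a botnet-distributed blind injection appears from the defender's
# side: low volume per source, high volume per target parameter.
SAMPLE_LOG = """\
10.0.0.1 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=42 HTTP/1.1" 200 512
10.0.0.2 - - [10/Oct/2023:13:55:37 +0000] "GET /item?id=42%20AND%201%3D1 HTTP/1.1" 200 512
10.0.0.3 - - [10/Oct/2023:13:55:37 +0000] "GET /item?id=42%20AND%201%3D2 HTTP/1.1" 200 98
10.0.0.4 - - [10/Oct/2023:13:55:38 +0000] "GET /item?id=42%20AND%20SUBSTRING(user(),1,1)%3D'r' HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2023:13:55:38 +0000] "GET /item?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 512
10.0.0.6 - - [10/Oct/2023:13:55:39 +0000] "GET /item?id=42'%20OR%20'1'%3D'1 HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /item?id=42%20AND%20ASCII(SUBSTRING(user(),1,1))%3E96 HTTP/1.1" 200 512
10.0.0.8 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=blue%20shoes HTTP/1.1" 200 2048
10.0.0.9 - - [10/Oct/2023:13:55:42 +0000] "GET /item?id=43 HTTP/1.1" 200 530
"""

# Common log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Heuristic markers of blind-injection probing: boolean conditions, per-character
# extraction functions and time delays. Assumed patterns, tune for your stack.
PROBE_RE = re.compile(
    r"(\bAND\b|\bOR\b)\s*[\w'()]+\s*[=<>]"
    r"|\bSLEEP\s*\(|\bBENCHMARK\s*\(|\bWAITFOR\s+DELAY\b"
    r"|\bSUBSTRING\s*\(|\bASCII\s*\(",
    re.IGNORECASE,
)


def parse_line(line):
    """Return (ip, path, [(param, decoded_value), ...]) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes values, so PROBE_RE sees the SQL the app would see.
    params = parse_qsl(parts.query, keep_blank_values=True)
    return m.group("ip"), parts.path, params


def find_probes(log_text):
    """Group probe-like requests by (path, parameter), recording the distinct sources."""
    hits = defaultdict(lambda: {"ips": set(), "probes": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, params = parsed
        for name, value in params:
            if PROBE_RE.search(value):
                hits[(path, name)]["ips"].add(ip)
                hits[(path, name)]["probes"].append(value)
    return hits


def distributed_campaigns(log_text, min_sources=3, min_probes=5):
    """Flag parameters probed by many distinct sources.

    A single scanner from one address is caught by per-IP rate limits; a botnet
    spreads the same probe sequence over many addresses, so the signal lives in
    the count of distinct sources per target, not in requests per source.
    """
    result = {}
    for key, info in find_probes(log_text).items():
        n_ips, n_probes = len(info["ips"]), len(info["probes"])
        if n_ips >= min_sources and n_probes >= min_probes:
            result[key] = {
                "distinct_sources": n_ips,
                "probes": n_probes,
                "probes_per_source": round(n_probes / n_ips, 2),
            }
    return result


if __name__ == "__main__":
    for (path, param), stats in distributed_campaigns(SAMPLE_LOG).items():
        print(f"{path}?{param}: {stats}")
```

On the constructed sample this flags `/item?id` with six distinct sources and one probe each, while the benign `/search?q` traffic and the ordinary `/item?id=43` request are ignored. In production the same grouping would run over a sliding time window, and a low `probes_per_source` ratio alongside a high `distinct_sources` count is the shape that distinguishes a distributed campaign from one noisy scanner.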

The speaker

Gunter Ollmann is a well-known veteran in the security space and currently serves as VP of Research at Damballa. Prior to joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS), the most recent being Chief Security Strategist. In this role he was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, as well as being the key IBM spokesperson on evolving threats and mitigation techniques. He also held the role of Director of X-Force, and was formerly head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006). Prior to joining ISS, Ollmann was the professional services director of Next Generation Security Software (NGS), a vulnerability research and attack-based consulting firm. Ollmann has been a contributor to multiple leading international IT and security-focused magazines and journals, and has authored, developed and delivered a number of highly technical courses on Web application security. He is a well-known industry speaker worldwide and is often invited to present at international security conferences. Ollmann is also highly regarded in the press as an expert source on security threats and is frequently quoted by the international media.