BLINDELEPHANT: Web Application Fingerprinting with Static Files

Expo Theatre (Hall G) October 19, 2010


Patrick Thomas

Well-known web applications are used for many purposes such as blogging, forums, e-commerce, database management, email and myriad others. Vulnerabilities in these applications (and their plugins) are discovered at an accelerated rate and are abused for site defacement and increasingly to serve malware.

Website administrators need to keep track of the versions of these web applications installed and update them to a non-vulnerable release. Static file fingerprinting is a technique to identify the version of a remote web application through only its publicly available resource files. The presentation will detail the steps in this fingerprinting process as implemented in the newly released BlindElephant open source tool, including full automation from database seeding to remote probing. The talk will also share results of an internet-wide survey of a million sites, and describe trends in user patch/update behavior and implications about effective (and ineffective) ways to motivate end users.
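To make the two halves of the process concrete (seeding a fingerprint database from known release trees, then narrowing candidate versions from the static files observed on a deployment), here is an added illustration written for this page; it is not BlindElephant's own code and makes no network requests. The application name "exampleapp", its version numbers and the file contents are constructed stand-ins, and the release trees are supplied as in-memory dicts rather than unpacked tarballs. Locally customised files (a hash the database has never seen) are treated as no evidence rather than as a contradiction, so a site that tweaked one stylesheet still gets a useful answer.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for the unpacked release trees of a hypothetical
# web application "exampleapp": version -> {relative path: file bytes}.
RELEASES = {
    "1.0": {
        "js/app.js": b"var app = {version: '1.0'};",
        "css/site.css": b"body{margin:0}",
        "readme.txt": b"exampleapp 1.0",
    },
    "1.1": {
        "js/app.js": b"var app = {version: '1.1'};",
        "css/site.css": b"body{margin:0}",
        "readme.txt": b"exampleapp 1.1",
    },
    "2.0": {
        "js/app.js": b"var app = {version: '2.0'};",
        "css/site.css": b"body{margin:0;padding:0}",
        "readme.txt": b"exampleapp 2.0",
    },
}


def sha1_hex(data):
    """Hash a file's bytes; any stable digest works for matching."""
    return hashlib.sha1(data).hexdigest()


def seed_database(releases):
    """Database seeding: path -> digest -> set of versions shipping that exact file."""
    db = defaultdict(lambda: defaultdict(set))
    for version, files in releases.items():
        for path, content in files.items():
            db[path][sha1_hex(content)].add(version)
    return db


def rank_paths(db):
    """Order paths by how many distinct digests they have across releases.
    A path with one digest for every version tells you nothing; a path that
    changes every release is the one worth checking first."""
    return sorted(db, key=lambda p: len(db[p]), reverse=True)


def fingerprint(db, observed):
    """Narrow candidate versions from observed static files.

    observed: path -> bytes as served by the deployment, or None when the
    file was not present (e.g. a 404).  Returns the set of versions whose
    shipped copy of every recognised file matches what was observed.
    """
    candidates = None
    for path, content in observed.items():
        if content is None or path not in db:
            continue  # absent or unknown path: no evidence either way
        versions = db[path].get(sha1_hex(content))
        if versions is None:
            continue  # locally modified file: also treated as no evidence
        candidates = set(versions) if candidates is None else candidates & versions
    return set() if candidates is None else candidates


if __name__ == "__main__":
    db = seed_database(RELEASES)
    print("most discriminating paths:", rank_paths(db))
    # Constructed observation: a deployment serving the 1.1 script but a
    # customised stylesheet whose digest matches no release.
    observed = {
        "js/app.js": b"var app = {version: '1.1'};",
        "css/site.css": b"body{margin:0} /* local theme */",
        "readme.txt": None,
    }
    print("candidate versions:", fingerprint(db, observed))
```

In an inventory workflow the `observed` mapping would be filled from your own servers' responses for the top-ranked paths, and a result that is not a single version means either more files are needed or the deployment has been patched in place; both are worth recording alongside the version in the asset inventory.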