Research from the Lab

internet security research

Information Security is a fast-changing field. The techniques of the attackers are constantly changing, so it is necessary to study attack methods and to adapt when necessary.

Popular research items include the web hosting technology surveys of the past couple of years, the WordPress Infographic and the IPv6 hosting Infographic.


Security Visualisations

The effectiveness of Security Operations and Security Event Analysis can be greatly improved by visualizing security event data. While some people take great pleasure in looking at long lists of statistics from firewalls, intrusion detection systems and other security-related logs, most find it not only boring but also ineffective.

Visualizing the data can help an analyst spot patterns and trends that may otherwise be missed. It also makes your reports look pretty. :)

An excellent resource on visualization (not only security focused) with a collection of examples is the Flowing Data Blog. A more security focused site is the SecViz project.

Title | Description
Mapping Web Attacks with Splunk | Quickly map web application attacks such as the WordPress Timthumb using Splunk and Geolocation plugins.
SSH Blacklist Visualization | Using SSH blacklist data, this visual plots the locations of the blacklisted IPs, based on an IP geolocation lookup, onto a Google-mapped visualisation.
Tor Exit Node Visualization | Tor is a network of relays that provides anonymity to its users. It is used by people all around the world, often by those who are living under oppressive regimes. An exit node is where the action is: this is where the traffic comes out of the encrypted tunnels and really hits the internet. This visualisation shows a breakdown of those exit nodes.


Tutorials and Guides

Introductory tutorials and guides for building, installing and using Open Source security solutions on your own systems.

Title | Description
Nmap Tutorial | A basic tutorial for installing Nmap and getting started using this powerful tool.
SQLmap Tutorial | With SQLmap you can go from initial discovery of SQL Injection to complete database and server compromise. This tutorial will get you started.
Nikto Tutorial | Install Nikto and scan web servers with this simple tutorial.
XSS Tutorial | An introductory tutorial to cross-site scripting (XSS). Understand the basics of how XSS works, to understand the risk.
Port Scanner Guide | Knowing how a Port Scanner benefits your security testing is an essential step in building secure systems.
10 years of SQL Injection | A compilation of the largest SQL Injection attacks over the past 10 years. A good reminder of the need for secure web application development!
Firewall Ubuntu with UFW | Configure an iptables firewall on Ubuntu with UFW in this tutorial.

Passive Website Analysis

Looking at the technology behind the most highly trafficked websites in the world (top one million sites) provides insight into Internet trends, including Internet Security, where our particular interests lie.

Over 12 months ago, we did an analysis of the Top 1 Million websites that included details of the web servers, hosting companies, web applications and locations of the sites. We are working on expanding this research into new areas and building a new set of data for 2012.

Title | Description
100K Top Websites powered by WordPress | In this post we look at the top 100’000 WordPress sites, digging a bit deeper to pull out the Hosting Provider, Theme Name and Web Server the sites are running on. Download the full list of sites in .csv format to perform your own analysis or perhaps to see where you are sitting in the list.
WordPress WooThemes Framework Updates | WooThemes is one of the most successful theme development shops on the planet. In this analysis we look at how well webmasters apply security updates to the WooThemes Framework. Theme updates are just as important as WordPress Core and Plugin updates when maintaining a WordPress installation.
WordPress Theme Usage | WordPress is now hitting over the 16% mark in the top 1 million websites. This analysis breaks down the most popular commercial and free themes.
HTTP Headers for Security | With a number of different HTTP headers available for protecting the end user, we performed some analysis to find out how prevalent the configuration of these headers is in the top websites.
IPv6 Infographic | During March we conducted analysis that involved looking for the presence of IPv6 AAAA records for the sites in the Top 1 Million. Through this analysis we found only 1.1% of all sites have made the move towards the new IP addressing technology.
WordPress Infographic | WordPress is the world's most popular content management system. With around 15% of the top websites, this Infographic explores the hosting, security updates and operating systems of those sites.
Hosting Report 2011 | During March 2011 we examined the hosting providers of the top 1 million sites, top 100000 sites and the top companies.
CMS Survey Summary | Content management systems (CMS) run many of the world's websites, both at the high end in the top 100’000 sites in the world and right down to personal blogs. This study looks at the breakdown of the different systems.
Web Server Survey Summary | This analysis shows a breakdown of the web servers used by the most popular sites in the world.