Author(s): Davide Canali, Davide Balzarotti

Download: Paper (PDF)

Date: 25 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013


This work presents the design, implementation, and deployment of a network of 500 fully functional vulnerable websites aimed at studying what attackers do after they compromise a web application. Over 100 days of experiments, our system was able to collect and cluster 6,000 attacks containing over 85,000 files. This allowed us to draw a general picture of the web application attack landscape.