On Fri, Sep 2, 2011 at 6:19 PM, Chris Schmidt <chrisisb...@gmail.com> wrote:
> On Sep 2, 2011, at 10:44 AM, "Goertzel, Karen [USA]" <goertzel_ka...@bah.com> wrote:
>>
>> What we need is to start building software that can fight back. Then we
>> could become part of "cyber warfare" which is much sexier than "software
>> assurance". :)
>
> Simple. Owasp esapi + owasp appsensor + honeypot = win

I'd still consider that defensive. If you want "cyber warfare" and are willing to go over to the dark side, you can define your own custom AppSensor response actions to act offensively. For instance, you could easily try to download malware to the attacker or mount a DoS attack against them. Personally, I don't recommend such escalation though, even if it is a tit-for-tat strategy. Reacting in that manner is likely to make you a criminal as well.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org