Dana Epp

Offensive Security Engineer, Vulscan Digital Security

Hey, I’m Dana. People in the ether know me as ‘SilverStr’. I’ve spent decades as a security architect that focuses on helping secure software, data and infrastructure. You might say I’ve been on and led Blue and Red Teams well before it was even a thing.

When I am not helping to build and grow software companies focused on developing security tools, I’m advising others on how to build and break their own applications and environments. As both a Microsoft Regional Director and Microsoft Security MVP, I spend a great deal of time on security (de)engineering in the cloud, especially in Microsoft Azure.

Presentation Abstract

Honeytokens: Detecting Attacks to Your Web Apps Using Decoys and Deception

In this presentation you will learn how to build small “tripwires” into your web apps that will help you detect if hackers are enumerating your systems, bypassing security controls or otherwise gaining unauthorized access to code, data or infrastructure.

Sometimes called canary tokens, other times honeytokens, these bits of code will help your DevOps, CloudOps and SecOps teams get notified when nefarious activity may be present in your staging and production systems, well before it would typically be detected. They can also help align indicators of compromise (IoCs) in your applications with attacker attribution, helping your operations team pinpoint threats much earlier in the attack chain.

In the end, you will have AllTheThings you need to leverage decoys and deception to detect and defend your web applications.