Sometimes, a simple trap or honeytoken placed at the right spot in your application can be enough to catch suspicious activity. This video from Shakacon by two Application Security Engineers at Netflix is an example implementing this idea with a project called Ensnare (unfortunately not maintained anymore).
I was wondering whether this form of attacker detection is actually practiced by you folks and what your experiences were in regards to successes, issues, implementation and maintenance effort.
Another, more recent illustration of this idea can be found in this talk by Dana Epp:
Top comments (0)