Title :
Honeytokens as active defense
Author :
Petrunic, A. B. Robert
Author_Institution :
Coll. for Appl. Comput. Eng., Algebra Univ., Zagreb, Croatia
Abstract :
Web applications are one of the most attacked platforms today, and because of that, new ways to break into web applications are being invented almost on a daily basis, allowing attackers to steal users' personal data and credit card numbers, and to conduct many other frauds related to data and applications hosted on Internet servers and databases. Some of the reasons that web applications are constantly attacked are 24/7 availability, the mix of technologies used to provide needed functionality, interesting data in the backend databases, and the ease of avoiding punishment for crimes committed against web sites and website users/owners. There is also an aspect related to cybercrime and cyber warfare, which has been marching throughout the planet in the last few years, exposing more and more personal data in highly sophisticated and targeted attacks. This paper will try to summarize a few different ways that a web application could be written in order to identify, isolate and track the hacker during the attack process. The concept presented in this paper is the so-called honeytoken: a value the application uses in databases, files, parameters, etc., which should never be changed or touched by the application in the normal application lifecycle.
Keywords :
Internet; Web sites; computer crime; Internet servers; Web applications; Web sites; active defense; attack process; cyber warfare; cybercrime; databases; honeytokens; Computer hacking; Databases; File systems; Firewalls (computing); IP networks; Robots; Web application security; active defense; honeytoken;
Conference_Title :
Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015 38th International Convention on
Conference_Location :
Opatija
DOI :
10.1109/MIPRO.2015.7160478