RWDD optimized for static web pages

A tool that provides an automatic warning about web site defacements was among the range of utilities released during the Black Hat Arsenal sessions this week.

The Remote Web Deface Detection (RWDD) tool crawls a website and collects any hyperlinks.

It then generates a SHA-256 hash value for each of the web pages and uses it for comparison in order to detect any changes.

The utility was developed by independent security researcher Ade Yoseman Putra and his research colleague, Prashant KV.

Even subtle defacements that might be missed by the naked eye will set off an alarm.

“As remote web deface detection uses hash values to compare, a slight change is enough to trigger an alarm,” Putra told The Daily Swig.

“There is no tag comparison of the web page, but even a slight defacement will trigger an alarm.”

Putra said that the tool is best suited to detecting changes in static web pages.

“Remote web deface detection will detect defacement and any other changes made by the hackers and notify the user immediately,” he said.

“However, it is best suitable for static web pages, whose backend code are fixed for every scenario.”

The researchers took the wraps off the utility during an Arsenal session of the Black Hat conference in Las Vegas yesterday, entitled ‘RWDD: Remote Web Deface Detection Tool’.

Use of the Magecart techniques by criminals to slip credit card skimming code into web payment pages is on the rise. However, RWDD isn’t aimed at this particular problem.

Yoseman explained that the tool is “best suited to provide an early defacement notification so that user can take necessary steps in time”.

“Remote web deface detection will notify about defacement as soon as the limit threshold is crossed, user should take necessary steps then,” he added.