Verifying Link Security

The beauty of the internet is the hyperlink. All objects in the cyberspace are essential represented by a link or URL. Obviously, this includes malicious code. Delivering an email to a user with a link to a website hosting malicious code is the first step in most attack.

How you can verify a link is safe to visit before visiting it? There is a high risk of inflecting malware or virus if you visit every suspicious link. Fortunately, UC Santa Barbara student created a project to verify the suspicious URLs by actually visiting the destination. They even follow the redirect command and visit the deep links.  The project is

Wepawet is a platform for the analysis of web-based threats. Wepawet uses a composition of approaches and techniques to execute, trace, analyze, and characterize the activity of code whose execution is triggered by visiting a web page.

However, there is one possibility that since Wepawet is hosted with a fixed IP address, the attacker could return harmless content if they detect the source IP address is the same as Wepawet address. When using this tool, it is better that you use a public accessible proxy.

This entry was posted in Uncategorized and tagged , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup www.powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

One thought on “Verifying Link Security

  1. mengchow

    Twitter has in I think two years ago implemented security verification of URL before publishing. Sina Weibo is also doing the same. We need all web sites that take in public contents to in fact do the same. When they are publishing URLs, it is also important that they do verify the security of any external links before publishing. AV providers like F-Secure also offer a free URL security checking service at: http://browsingprotection.f-secure.com/swp/.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s