What is a Canary Trap?


def·i·ni·tion: An effective method for exposing an information leak

Introducing Canary Trap.


No, it’s not a snare for catching yellow finches! A canary trap is a weapon of espionage. It’s a tool for detecting and plugging information leaks — a clever ploy to determine which canary is singing when under orders to remain silent.

The term was first popularized and described by novelist Tom Clancy in the 1987 best-seller Patriot Games.

Here’s how a canary trap works: a memo with sensitive information is distributed to several canaries, but the wording is varied slightly in each copy of the memo. If the information gets leaked to anyone not authorized to receive it, one glance at the leaked text reveals which version of the memo was leaked — the source of the leak is identified.
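The memo scheme described above, as an added Python sketch (not code from Canary Trap). The memo text, the slot wordings and the recipient names are constructed for illustration. It also covers the case where only an excerpt leaks, which narrows the suspects without naming one.

```python
import itertools
import re

# Constructed memo; each {n} slot has interchangeable wordings.
TEMPLATE = ("The merger review {0} on Friday. Legal has {1} the draft, "
            "and the board expects a {2} decision {3} the quarter closes.")
SLOTS = [["begins", "starts", "commences"],
         ["approved", "signed off on"],
         ["final", "binding"],
         ["before", "by the time"]]

def issue_copies(recipients):
    """Map each recipient to a unique (variant combination, memo text)."""
    combos = list(itertools.product(*(range(len(s)) for s in SLOTS)))
    if len(recipients) > len(combos):
        raise ValueError("not enough variants for a unique copy per recipient")
    copies = {}
    for name, combo in zip(recipients, combos):
        words = [SLOTS[i][v] for i, v in enumerate(combo)]
        copies[name] = (combo, TEMPLATE.format(*words))
    return copies

def observed_variants(leak):
    """Per slot: index of the wording seen in the leak, or None if absent."""
    text = " ".join(leak.lower().split())
    parts = re.split(r"\{\d+\}", TEMPLATE)  # literal text around the slots
    seen = []
    for i, variants in enumerate(SLOTS):
        before, after = parts[i].split()[-1:], parts[i + 1].split()[:1]
        hit = None
        for v, wording in enumerate(variants):
            # Match the wording with one word of context on each side.
            if " ".join(before + [wording] + after).lower() in text:
                hit = v
        seen.append(hit)
    return seen

def identify(leak, copies):
    """Recipients whose copy agrees with every slot visible in the leak."""
    seen = observed_variants(leak)
    if all(v is None for v in seen):
        return []  # paraphrased or unrelated text: no evidence
    return sorted(name for name, (combo, _) in copies.items()
                  if all(s is None or s == c for s, c in zip(seen, combo)))
```

A leak of a full copy identifies one recipient; a short excerpt returns every recipient whose copy shares the visible wording, so slots should be spread through the text.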

There are multiple variations of a canary trap. Some are simpler, some are far more elaborate. The nature of our business is to identify vulnerabilities (leaks) that exist within our clients’ networks, systems, web and mobile applications in order to enable remediation and provide necessary business assurance.

Setting up a canary trap

Defining the scope, goals and objectives of the test, including the systems and applications that will be targeted and the testing methods to be used. Canary Trap leverages the OWASP “Top 10” as part of our methodology to properly assess Web Application security.

Canary Trap will gather intelligence (e.g., network address ranges, domain names, service providers) to better understand how a target works and uncover its potential vulnerabilities.

Leveraging automated tools and manual processes to understand how the in-scope targets respond to various intrusion attempts. Canary Trap’s security experts will quickly enumerate and map the in-scope target(s) and be directly responsible for performing the most labor-intensive activities.

We will uncover vulnerabilities using safe and non-destructive methods of attack. Each step will be documented so as to enable our clients to recreate and validate the method(s) of exploitation.

Providing you with the results of the security testing which will be compiled into an Executive Report for your review. Being successful in uncovering previously unknown vulnerabilities will enable you, with or without the support of Canary Trap, to remediate the issue and elevate security hygiene.

Once complete, Canary Trap can be engaged to retest to ensure that identified vulnerabilities have been fixed and that the applied fixes haven’t created new vulnerabilities.

What is the relevance of the services Canary Trap provides?

Attempts to breach the network perimeter and obtain access to LAN resources have been proven to be successful in 84% of external penetration tests.

Our security experts successfully breach the network perimeter in just one step 50% of the time.

75% of penetration vectors are caused by poor security hygiene of web resources.

Complete control over infrastructure has been obtained in 92% of client engagements.

The most common internal network issues relate to the use of dictionary passwords and insufficient protection against recovery of passwords from OS memory.

Interception of user account credentials is exploited in 87% of all client engagements involving internal penetration testing.

On average, 33% of employees are observed running malware on their computer.

On average, 14% of employees are observed to engage in dialog with an impostor and disclose sensitive corporate information.

On average, 10% of employees are observed to enter account credentials in a fake authentication form.

In 88% of client engagements our security experts have been able to successfully connect to corporate WiFi networks.

Weak WiFi security enables our security experts to access corporate resources on the LAN in 68% of client engagements.