What is a Canary Trap?


def·i·ni·tion: An effective method for exposing an information leak

Introducing Canary Trap.

No, it’s not a snare for catching yellow finches! A canary trap is a weapon of espionage! It’s a tool for detecting and plugging information leaks — a clever ploy to determine which canary is singing when under orders to remain silent.

The term was first popularized and described by novelist Tom Clancy in the 1987 best-seller Patriot Games.

Here’s how a canary trap works: a memo with sensitive information is distributed to several individuals (canaries), but the wording is varied slightly in each copy of the memo provided. If the information gets leaked to anyone not authorized to receive it, one glance at the leaked text reveals which version of the memo was leaked — the source of the leak is identified.
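
The per-copy wording variation described above, as an added example that is not part of the original page: each recipient gets a unique combination of wordings, and a leaked excerpt is matched back to the copies it is consistent with. The memo template, slot wordings, recipient names and key are all constructed for illustration.

```python
import hashlib
import hmac
import itertools

# Constructed sample memo: each numbered slot has interchangeable wordings.
TEMPLATE = ("The merger will be {0} on Friday. "
            "{1} must not {2} the terms before the {3}.")
SLOTS = [
    ["announced", "disclosed", "made public"],
    ["All staff", "Every employee"],
    ["discuss", "share", "mention"],
    ["press release", "public statement"],
]

def assign_variants(recipients, key):
    """Give each recipient a unique combination of slot choices.

    Combinations are ordered by a keyed HMAC, so the mapping cannot be
    predicted without the key held by the memo's author.
    """
    combos = list(itertools.product(*(range(len(s)) for s in SLOTS)))
    if len(recipients) > len(combos):
        raise ValueError("not enough wording combinations for every recipient")
    combos.sort(key=lambda c: hmac.new(key, bytes(c), hashlib.sha256).digest())
    return dict(zip(sorted(recipients), combos))

def render(combo):
    """Produce the memo text for one combination of slot choices."""
    return TEMPLATE.format(*(SLOTS[i][v] for i, v in enumerate(combo)))

def identify(leak, assignment):
    """Return the recipients whose copy is consistent with the leaked text.

    Works on partial quotes: slots that do not appear in the leak are
    ignored, so a short excerpt may narrow the list without resolving it.
    """
    text = leak.lower()
    seen = {}
    for i, variants in enumerate(SLOTS):
        hits = [v for v, word in enumerate(variants) if word.lower() in text]
        if len(hits) == 1:  # missing or ambiguous slots give no evidence
            seen[i] = hits[0]
    return sorted(name for name, combo in assignment.items()
                  if all(combo[i] == v for i, v in seen.items()))
```

With four slots of this size there are 36 distinct copies; a full leaked memo resolves to one recipient, while a one-sentence quote returns every recipient who shares the wording it contains.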

There are multiple variations of a canary trap. Some are simpler, some are far more elaborate. What’s the relevance? The nature of our business is to identify vulnerabilities (leaks) that exist within our clients’ networks, systems, web and mobile applications in order to enable remediation and provide necessary business assurance.

Setting up a canary trap

Define the scope, goals and objectives underlying the test, including the system(s), network(s), and application(s) that will be targeted. Identify the testing methods to be used. Canary Trap follows industry best practices including, but not limited to: Penetration Testing Execution Standard (PTES), Open Web Application Security Project (OWASP) “Top 10” and FedRAMP Pen Test Guidance v3.0.

Canary Trap will gather intelligence (e.g., network address ranges, domain names, service providers) to better understand how a target works and uncover its potential vulnerabilities.

Leverage human expertise, automated tools and manual processes to understand how the in-scope targets respond to various intrusion attempts. Canary Trap’s team of elite security experts will quickly enumerate and map the in-scope target(s) and be directly responsible for performing the most labor-intensive activities.

We aim to uncover known and unknown vulnerabilities using safe and non-destructive methods of attack. Each step will be documented so that our clients are able to recreate and validate the method(s) of exploitation.

Provide you with the results of the security testing which will be compiled into our Findings Report for your review. Being successful in uncovering previously unknown vulnerabilities will enable you, with or without the support of Canary Trap, to remediate the issue(s) identified and elevate the security hygiene of your organization.

Once complete, Canary Trap can be engaged to retest to ensure that the vulnerabilities uncovered during testing have been fixed and that the applied fixes haven’t created new vulnerabilities.