In 2022 we launched OWASP Domain Protect, a tool using serverless functions to automate scans of an enterprise’s DNS environments in AWS, GCP and Cloudflare, test for subdomains vulnerable to takeover, and create Slack and email alerts.
Since then, new features have been added, including a migration of OWASP Domain Protect to a public Terraform Module hosted on the Terraform and OpenTofu Registries. This approach makes it very straightforward for users to incorporate OWASP Domain Protect into their own cloud infrastructure, and easy to keep it updated.
In this presentation, I’ll review the basics of subdomain takeover, describe the system architecture of Domain Protect, detail recent improvements, and give a live demonstration of vulnerable domain detection followed by automated takeover.