OWASP AppSensor Code v2.0.0 Final Released
iSpeech
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application.
Detect and Respond to Attacks from Within the Application
Detection
AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.
Response
AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.
Defending the Application
An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.
[adsense size='1']
Changelog v2.0.0
- AppSensor has gone through a complete re-write from the previous version (1.x). Below are the major updates that were most important (and requested) in v2.
- Client-server architecture supporting multiple communication modes including: REST, SOAP, Thrift, local (shared JVM, java-only)
- Any language can be used on the client application. The only requirement is that the language selected must support the communication protocol of the execution mode that is configured (ie. if using REST as the execution mode, the language must be capable of making HTTP requests.) The server-side components are Java, but this places no restriction on the client applications themselves.
- There is no longer a hard dependency on ESAPI. AppSensor is a standalone project, though it can be integrated with projects that also use ESAPI if desired.
- The core components of the system have been renamed and now follow the appsensor v2 book naming conventions, which is based on standard IDS terminology for clarity.
- Basic user correlation is supported so that client applications that share a user base (SSO) can share attack detection/response information.
- A website for the project has been built (appsensor.org).
More Information:
Gloss