AppSensor GSS IFSEC 2011

=About This Document=

This page is being used to draft an application to Global Security Challenge's IFSEC Future of Security Competition 2011 for the OWASP AppSensor project.

=Finalised application=

(TBC)

=Draft application=

Draft 1
Question 1 - Name:

??? ??? on behalf of the Open Web Application Security Project (OWASP)

Question 2 - Email:

???@owasp.org

Question 3 - Country:

Worldwide (established as a not-for-profit charitable organization in the United States on 21 April 2004, and formally recognized as a 501(c)(3) not-for-profit charitable organization on 10 December 2004)

Question 4 - Name of Idea/Company

OWASP AppSensor

Question 5 - Address:

OWASP Foundation, 9175 Guilford Road Suite #300, Columbia, MD 21046

Question 6 - Phone Number:

Not applicable.

Question 7 - Web address:

http://www.owasp.org/index.php/OWASP_AppSensor_Project

Question 8 - The Year your company/idea was founded (if applicable):

The AppSensor project was conceived in 2008.

'''Question 9 - Technology Category: the technology can best be described as fitting into which category? Please select your answer(s): Access Control, CCTV, Intruder Alarms, Integrated Security IP Network Solutions, Security Guarding and Support Services, Border Security, Port & Maritime Security, Transport & Airport Security, CBRNE Protection, Urban Security'''

Integrated Security IP Network Solutions

'''Question 10 - Summary of your Innovation. Give us a short description of your idea or product. Name three or more reasons why your product is innovative and superior (technically or otherwise).'''

AppSensor defines a conceptual framework, methodology and example code for building intrusion detection and automated response into applications. It is innovative and superior for the following reasons:

 * No other product or concept provides the same breadth and depth of application-layer intrusion detection.
 * Response does not require later or offline analysis, because detection and response happen in real time, inside the application.
 * Because AppSensor has full information on user sessions and on the intended business logic of the application, it has a very low false positive rate, and it can detect attacks that network firewalls, traditional network/host intrusion detection systems and even generic web application firewalls cannot.

'''Question 11 - Benefits to Customer. Name three or more quantitative statements discussing why this idea/product benefits your customer. Tell us who your target market is and what security problem your innovation solves?'''

The users of AppSensor are organisations that operate software applications; these are likely to be both private and public sector organisations, including those in the 'third sector'. Currently, operators of applications typically do not know when their applications are under attack, and conventional security protection systems provide no protection against application-layer attacks. Users of AppSensor gain visibility into probes and attacks against their applications, and are able to respond to those attacks in real time. '!!!quantitative values needed!!!'

'''Question 12 - IP Status. Do you own all the necessary IPs? Have you applied for or have been granted a patent? If not, why not?'''

The copyright holder is the OWASP Foundation. AppSensor is available under a Creative Commons Attribution-ShareAlike 3.0 License http://creativecommons.org/licenses/by-sa/3.0/ (see http://creativecommons.org/licenses/by-sa/3.0/legalcode for the full license). No patent has been, or will be, applied for, since OWASP's mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all materials are available under a free and open software license. Therefore, OWASP encourages free use, modification and redistribution under the terms of the license.

'''Question 13 - Technology. Describe how the technology works, what the system's components are and how the product interfaces externally. Explain how your solution could be integrated into a larger system or further developed to enhance its value to the targeted customer community. We do not want to know your 'secret sauce' but require enough information for the judges to understand what you are doing and to evaluate its merits and to differentiate you from others in the field.'''

The AppSensor Project defines an application-layer intrusion detection system. AppSensor is embedded inside the application code and uses detection points to identify suspicious and malicious behaviour. Events from detection points are counted per user against configurable thresholds, and AppSensor analyses and responds to them in real time, with responses such as logging a user out, locking their account, disabling part of the application, or changing the way the application works (e.g. by adding delays or alternative checks).

The power of AppSensor is that it:

 * Knows whether the application is under attack
 * Understands the application context
 * Integrates fully with user properties and the user session
 * Has an extremely low false positive detection rate
 * Responds to attackers in real time, for example by logging them out or locking their account
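The loop described above, as an added example that is not OWASP AppSensor or ESAPI project code: two detection points wired into an endpoint handler, per-user event counting within a sliding window, and an escalating real-time response. It is written in Python because the concepts are language-agnostic; the detection-point IDs, thresholds, windows, response names and the /transfer endpoint are assumptions chosen for the demo, not the project's catalogue.

```python
"""
AppSensor-style detection points with real-time, escalating response.

Illustrative code only: the detection-point IDs, thresholds, windows,
response names and endpoint below are assumptions for this example.
"""
import time
from collections import defaultdict, deque

# Per detection point: how many events within `window` seconds trip it.
POLICY = {
    "RE1_unexpected_http_verb": {"threshold": 1, "window": 600},
    "IE1_unexpected_parameter": {"threshold": 3, "window": 600},
}

# Escalating responses: the 1st threshold a user trips gets RESPONSES[0],
# the 2nd gets RESPONSES[1], and so on, capped at the last entry.
RESPONSES = ["log", "warn_user", "logout", "lock_account"]

# Parameters each endpoint legitimately accepts: application context that a
# network device or generic WAF does not have.
EXPECTED_PARAMS = {"/transfer": {"to", "amount"}}


class AppSensor:
    """Counts detection-point events per user and decides responses inline."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.events = defaultdict(deque)    # (user, dp) -> event timestamps
        self.violations = defaultdict(int)  # user -> thresholds tripped so far
        self.locked = set()

    def add_event(self, user, dp, now=None):
        """Record one event for detection point `dp`; return a response or None."""
        now = self.clock() if now is None else now
        policy = POLICY[dp]
        q = self.events[(user, dp)]
        q.append(now)
        # Drop events that have fallen out of the sliding window.
        while q and now - q[0] > policy["window"]:
            q.popleft()
        if len(q) < policy["threshold"]:
            return None
        q.clear()  # threshold consumed; start counting again
        level = min(self.violations[user], len(RESPONSES) - 1)
        self.violations[user] += 1
        response = RESPONSES[level]
        if response == "lock_account":
            self.locked.add(user)
        return response


def handle_request(sensor, user, path, method, params, now=None):
    """An endpoint handler with two detection points wired in.

    Returns (outcome, response): outcome is "ok" or "denied"; response is
    the AppSensor response applied on this request, if any.
    """
    if user in sensor.locked:
        return ("denied", "lock_account")
    if method != "POST":
        return ("denied", sensor.add_event(user, "RE1_unexpected_http_verb", now))
    extra = set(params) - EXPECTED_PARAMS.get(path, set())
    if extra:
        return ("denied", sensor.add_event(user, "IE1_unexpected_parameter", now))
    return ("ok", None)


def run_demo():
    """Constructed traffic: one normal user and one probing user."""
    sensor = AppSensor()
    results = []
    results.append(handle_request(sensor, "alice", "/transfer", "POST",
                                  {"to": "bob", "amount": 10}, now=0))
    # mallory submits an extra hidden field three times inside the window ...
    for t in (1, 2, 3):
        results.append(handle_request(sensor, "mallory", "/transfer", "POST",
                                      {"to": "bob", "amount": 10, "is_admin": "1"},
                                      now=t))
    # ... then keeps sending GET to a POST-only endpoint, so responses escalate.
    for t in (4, 5, 6, 7):
        results.append(handle_request(sensor, "mallory", "/transfer", "GET", {},
                                      now=t))
    return results


if __name__ == "__main__":
    for outcome, response in run_demo():
        print(outcome, response)
```

The first two tampered requests are merely denied; the third trips the threshold and is logged, and each further threshold breach moves the user up the response ladder until the account is locked and every subsequent request is refused without reaching the business logic. A normal user never accumulates events, which is where the low false positive rate comes from.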

The project comprises a conceptual framework and guidance for planners and developers:

 * AppSensor, https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf
 * AppSensor Detection Points, http://www.owasp.org/index.php/AppSensor_DetectionPoints
 * AppSensor Response Actions, http://www.owasp.org/index.php/AppSensor_ResponseActions
 * AppSensor Implementation Planning Workbook, http://www.owasp.org/index.php/File:Appsensor-planning.zip
 * AppSensor Developer Guide, http://www.owasp.org/index.php/AppSensor_Developer_Guide

The project is programming language, framework and operating system agnostic. The concepts can be implemented in any application; demonstration code has been written which builds on the ESAPI framework, and this is currently available only in Java. The example code, or the concepts behind it, can readily be built into software in any organisation and in any language. There is no single way to use AppSensor; it depends upon each organisation's:

 * development practices
 * architectural design patterns
 * use of code libraries and frameworks

There are no restrictions other than those defined in the answer to question 12. The objective is to provide value to the software development community.

'''Question 14 - How does this innovation change the World tomorrow? Describe why do you think your technology is disruptive for the security industry?'''

Traditional defensive measures for applications have to guess at the user's intent and at what constitutes acceptable usage. Network firewalls let both malicious and non-malicious traffic through to applications (e.g. all HTTP traffic to a web site or web application), except where traffic limitations are in place. Network and host intrusion detection/prevention systems look for unusual activity, usually in evidence at the lower packet and system levels, and so act much like forensic systems. Even generic web application firewalls have little knowledge of the application's logic, its valid entry points, or the roles and permissions of its various users.

The two unique innovations are:

 * AppSensor operates in real time, making informed decisions about misuse
 * AppSensor has an extremely low false positive detection rate

This means that actual attacks can be identified with a very high degree of certainty, and stopped before they have the chance to exploit unknown vulnerabilities. It is a proactive approach that reduces risk.

'''Question 15 - Market. Where do you fall within your market? How are you different than other players? Describe the size of the market, its growth potential, demand opportunity and customer preferences. (Successful applications have described competitors and substitutes, how you position your company/technology in the industry and your relationship with suppliers.)'''

OWASP is unique in that it makes all its resources freely available. The ideas and concepts in AppSensor exist to some extent in some commercial products, and the general approach is often included in individual pieces of software (e.g. locking an account after multiple failed authentication attempts). But these are usually implemented as discrete, disconnected processes, and some, such as the investigation of logs, are undertaken reactively after an incident or performed largely by hand. AppSensor centralises and formalises this approach.

'''Question 16 - Business Plan. Explain how you intend to reach your market. Be as specific as you can about your strategy in terms of pricing, promotion, selling and distribution.'''

'''Question 17 - How would you spend the winning prize of $10,000? How will winning this competition affect the development of your innovation or technology?'''

'''Question 18 - What do you expect from the mentorship? How do you intend to get benefit from the offered mentorship? What can it mean practically for your innovation's future?'''

=Original questions=

(Please don't edit this master copy)

Question 1 - Name:

Question 2 - Email:

Question 3 - Country:

Question 4 - Name of Idea/Company

Question 5 - Address:

Question 6 - Phone Number:

Question 7 - Web address:

Question 8 - The Year your company/idea was founded (if applicable):

''Question 9 - Technology Category: the technology can best be described as fitting into which category? Please select your answer(s): Access Control, CCTV, Intruder Alarms, Integrated Security IP Network Solutions, Security Guarding and Support Services, Border Security, Port & Maritime Security, Transport & Airport Security, CBRNE Protection, Urban Security''

''Question 10 - Summary of your Innovation. Give us a short description of your idea or product. Name three or more reasons why your product is innovative and superior (technically or otherwise).''

''Question 11 - Benefits to Customer. Name three or more quantitative statements discussing why this idea/product benefits your customer. Tell us who your target market is and what security problem your innovation solves?''

''Question 12 - IP Status. Do you own all the necessary IPs? Have you applied for or have been granted a patent? If not, why not?''

''Question 13 - Technology. Describe how the technology works, what the system's components are and how the product interfaces externally. Explain how your solution could be integrated into a larger system or further developed to enhance its value to the targeted customer community. We do not want to know your 'secret sauce' but require enough information for the judges to understand what you are doing and to evaluate its merits and to differentiate you from others in the field.''

''Question 14 - How does this innovation change the World tomorrow? Describe why do you think your technology is disruptive for the security industry?''

''Question 15 - Market. Where do you fall within your market? How are you different than other players? Describe the size of the market, its growth potential, demand opportunity and customer preferences. (Successful applications have described competitors and substitutes, how you position your company/technology in the industry and your relationship with suppliers.)''

''Question 16 - Business Plan. Explain how you intend to reach your market. Be as specific as you can about your strategy in terms of pricing, promotion, selling and distribution.''

''Question 17 - How would you spend the winning prize of $10,000? How will winning this competition affect the development of your innovation or technology?''

''Question 18 - What do you expect from the mentorship? How do you intend to get benefit from the offered mentorship? What can it mean practically for your innovation's future?''