AppSensor-WS Developer Guide

From OWASP
Revision as of 08:47, 27 June 2013 by Clerkendweller (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

AppSensor WS Developer Guide

DRAFT PAGE

The AppSensor Project describes an application layer intrusion detection system. There is a Java implementation of this system whose basic usage can be found in the Getting Started guide. This document describes in more technical detail for developers how to use and extend AppSensor for a specific environment and application.

Developer Overview

AppSensor is an application layer intrusion detection system. A fuller description of the detection points and responses are available - note that not all of these ideas are implemented here. The selection of detection points, where they are added, and how the application responds is application and organisation dependent.

Obtaining AppSensor

The appsensor.jar can be downloaded here - [??? AppSensor-0.1.3.5.jar]

The source is available [??? here]

Set up the environment and source code

Using Windows with Eclipse and Tomcat

Java and Tomcat

  1. Install jdk1.6
  2. Download Eclipse Indigo and configure it to use the jdk runtime (<jdk installed path>\jre). This is done by going to Windows → Preferences. Then expand Java from left-side and select ‘Installed JREs’ option to specify the path of your installed JRE.
  3. Install Tomcat 6
  4. Configure Tomcat Server in Eclipse by going to Windows → Preferences. Then expand Server and select ‘Runtime Environments’ to specify the path of your Tomcat installation.
  5. Install Metro on Tomcat 6 to run SOAP web services
  6. Get the JAX-WS project from code repository and place it in the folder ‘JAX-WS’ on your machine. The project is built using Maven.
  7. Copy JAX-WS RI 2.2 jar files into the path <JAX-WS project workspace>\src\main\webapp\WEB-INF\lib. These jar files allow web services related code to compile.

AppSensor_WS_SOAP Web service

The following instructions describe how to run AppSensor_Soap_WS project using Eclipse and Maven.

  1. Make sure you have Maven plugin installed on Eclipse before running Maven commands.
  2. Install AppSensor-0.1.3.5.jar and esapi-2.0.1.jar using the following Maven commands. Right-click project name and select Maven→ Run configurations. Click ‘Maven Build’ section in the right hand column and then create a new configuration.
    1. To install AppSensor: Type ‘install:install-file -Dfile=AppSensor-0.1.3.5.jar -DgroupId=org.owasp.appsensor -DartifactId=AppSensor -Dversion=0.1.3.5 -Dpackaging=jar’
    2. To install ESAPI: Type ‘install:install-file -Dfile=esapi-2.0.1.jar -DgroupId=owasp -DartifactId=ESAPI -Dversion=2.0 -Dpackaging=jar’
  3. Then right-click the project and select Maven→ Run configurations and type ‘process-classes’ as Maven ‘Goal’
  4. Right-click the project and select Maven→ Run configurations and type ‘war:war’ as Maven ‘Goal’ to generate a war package.
  5. Make sure the Tomcat server is stopped. Place the war package in the webapps folder under <Tomcat installation directory> and Rename it to JAX-WS.
  6. Generate a self signed certificate using keytool (available under <jdk installation>\bin) keytool -genkey -alias tomcat -keyalg RSA
  7. The .keystore file will get generated in your profile folder e.g., C:\Documents and Settings\<your username>
  8. Place the .keystore file at C:\. Enable the ssl HTTP connector in the server.xml file under <Tomcat installation directory>\conf
  9. Start the Tomcat server.
  10. The wsdl can be seen by typing the following URL in the browser http://localhost:8080/JAX-WS/as_soap_service?wsdl

Web service client

  1. Get the JAX-WS Client project from code repository and place it in the folder ‘JAX-WS Client’ on your machine.
  2. AppSensor jar file is required to install using the following command as a Maven Goal. The AppSensor-0.1.3.5.jar file should be placed at the root of JAX-WS Client folder. install:install-file -Dfile=AppSensor-0.1.3.5.jar -DgroupId=org.owasp.appsensor -DartifactId=AppSensor -Dversion=0.1.3.5 -Dpackaging=jar
  3. Add username/password as ‘myuser2/mypass2’ in tomcat-users.xml file
  4. If the code requires compilation, compile it using ‘Process-classes’ as a Maven Goal
  5. Make sure SSL connector is enabled on your Tomcat server.
  6. Run MyServiceClient_BA java file (If you are using Eclipse, this can be done by right click on the code file and select Run as Main)