AppSensor Cheat Sheet

Revision as of 15:27, 23 May 2012 by Clerkendweller (Talk | contribs)





What to detect

The most commonly implemented detection points are:

How to respond


Typical responses that the application may already support in some manner are:

  • Change monitoring of the user (e.g. increase logging level)
  • Raise an alert
  • Add time delays
  • Log a user out (and possibly lock the account)

More advanced responses could include:

  • Changing a function (adding a CAPTCHA, ??? )
  • Disabling a function (for the user, for a group of users, for all users)
  • Affecting the behaviour of other systems (e.g. goods despatch held, firewall blocks IP address)
  • Altering user properties (changing their credit level)
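
The typical responses listed above can be tied to per-user event counts so that the application escalates from closer monitoring to logout. The sketch below is an added example, not code from this cheat sheet or from the AppSensor project; the class and function names, the "invalid_input" detection point label, the thresholds and the five-minute window are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # assumed sliding window
# Assumed thresholds: events from one user inside the window -> response.
THRESHOLDS = [
    (3, "increase_logging"),
    (5, "raise_alert"),
    (8, "add_time_delay"),
    (12, "logout_and_lock"),
]

class ResponseEngine:
    """Counts detection events per user and escalates through the responses."""

    def __init__(self, window=WINDOW_SECONDS, thresholds=THRESHOLDS):
        self.window = window
        self.thresholds = sorted(thresholds)
        self.events = defaultdict(deque)  # user -> (timestamp, detection point)
        self.applied = defaultdict(list)  # user -> responses already in force

    def record(self, user, detection_point, now):
        """Register one event and return the responses that become due."""
        recent = self.events[user]
        recent.append((now, detection_point))
        # Forget events that have aged out of the sliding window.
        while now - recent[0][0] > self.window:
            recent.popleft()
        due = [name for count, name in self.thresholds
               if len(recent) >= count and name not in self.applied[user]]
        # Responses stay in force until an operator calls reset().
        self.applied[user].extend(due)
        return due

    def reset(self, user):
        """Operator action: clear a user's history and lift their responses."""
        self.events.pop(user, None)
        self.applied.pop(user, None)

def replay(event_log, engine=None):
    """Feed (timestamp, user, detection_point) tuples through an engine."""
    engine = engine or ResponseEngine()
    for now, user, point in event_log:
        engine.record(user, point, now)
    return {user: list(names) for user, names in engine.applied.items()}

# Constructed sample: one user trips a check every 10 s, another twice an hour.
SAMPLE_LOG = [(t * 10, "user-a", "invalid_input") for t in range(12)]
SAMPLE_LOG += [(0, "user-b", "invalid_input"), (3600, "user-b", "invalid_input")]
SAMPLE_LOG.sort()
```

Calling replay(SAMPLE_LOG) shows the first user passing through all four responses in order, while the second user's two widely spaced events never reach the lowest threshold.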

How to

Software acquisition

In your own code

No code available

Related articles

Other Year of Security for Java Week 18 - Perform Application Layer Intrusion Detection

Authors and primary contributors

Colin Watson - colin.watson[at]

OWASP Cheat Sheets Project Homepage