Difference between revisions of "AppSensor ResponseActions"

From OWASP
(Detailed Listing)
Line 12: Line 12:
 
* Active: Functionality reduced or disabled
 
* Active: Functionality reduced or disabled
  
This table, with examples and alternative classifications, is described in [http://www.owasp.org/index.php/File:Owasp-appsensor-responses.pdf AppSensor - Response Actions] (64 KB PDF).
+
A text version of the table, with examples and alternative classifications, is described in [http://www.owasp.org/index.php/File:Owasp-appsensor-responses.pdf AppSensor - Response Actions] (64 KB PDF).
  
 
[[File:Appsensor_response_actions_table_1.png]]
 
[[File:Appsensor_response_actions_table_1.png]]
 +
  
 
=Detailed Listing=
 
=Detailed Listing=
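Review bot: the reworded sentence under the category list says a text version of the table "is described in" the PDF, which reads oddly because the PDF is itself the text version; "is available in" would say what is meant. The other added line is only a blank line after the image, so drop it unless it is needed for spacing before =Detailed Listing=.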
Line 23: Line 24:
 
* Target: One, Some or All users
 
* Target: One, Some or All users
 
* Response duration: Instantaneous (e.g. just for the request), Period (e.g. time period or session duration), Permanent
 
* Response duration: Instantaneous (e.g. just for the request), Period (e.g. time period or session duration), Permanent
 +
  
 
==Silent==
 
==Silent==
Line 47: Line 49:
 
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >description</td>
 
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >description</td>
 
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
The granularity of logging is changed (typically more logging)
+
The granularity of logging is changed (typically more logging).
 
</td></tr>
 
</td></tr>
 
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >consideration</td>
 
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >consideration</td>
Line 69: Line 71:
 
</table>
 
</table>
  
 +
===ASR-B: Administrator Notification===
 +
 +
<table style="border-style:double;border-width:3px;" >
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >id</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
ASR-B
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >title</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
Administrator Notification
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >classifications</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
Logging and notifying  |  One, some or all users  |  Instantaneous
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >category</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
Silent
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >description</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
A notification message is sent to the application administrator(s)
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >consideration</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >examples</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
Example 1: Email alert sent to everyone in the administration team
 +
 +
Example 2: SMS alert sent to the on-call administrator
 +
 +
Example 3: Visual indicator displayed on an application monitoring dashboard
 +
 +
Example 4: Audible alarm in the control room
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >code</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
-
 +
</td></tr>
 +
</table>
 +
 +
<table style="border-style:double;border-width:3px;" >
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >id</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
ASR-
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >title</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >classifications</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
  |    | 
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >category</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >description</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >consideration</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >examples</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
Example 1:
 +
 +
Example 2:
 +
 +
Example 3:
 +
 +
Example 4:
 +
</td></tr>
 +
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >code</td>
 +
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
 +
-
 +
</td></tr>
 +
</table>
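Review bot: the second added table is an unfilled template (id "ASR-", empty title, classifications "| |", and "Example 1:" to "Example 4:" with no text) and it will render on the live page as a blank entry under Silent; wrap it in an HTML comment or keep it off the page until the next response is written. In the ASR-B table the consideration cell is empty, and its description lacks the full stop that this same revision adds to the ASR-A description.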
  
  

Revision as of 13:19, 27 August 2010

About This Document

These response actions are part of the OWASP AppSensor project which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user that has been detected probing for vulnerabilities or weaknesses within your application.

Overview

The following table lists possible AppSensor Responses (ASRs). The application response actions are categorized here by:

  • Silent: User(s) unaware of any application change
  • Passive: Process altered, but user(s) may still continue to process completion
  • Active: Functionality reduced or disabled

A text version of the table, with examples and alternative classifications, is described in AppSensor - Response Actions (64 KB PDF).

[Figure: AppSensor response actions table 1]


Detailed Listing

Classifications are:

  • Purposes: Logging, Notifying, Disrupting and Blocking
  • Target: One, Some or All users
  • Response duration: Instantaneous (e.g. just for the request), Period (e.g. time period or session duration), Permanent


Silent

ASR-A: Logging Change

id: ASR-A
title: Logging Change
classifications: Logging | One, some or all users | Instantaneous (request) or for a period
category: Silent
description: The granularity of logging is changed (typically more logging).
consideration:
examples:

  • Example 1: Capture sanitised request headers and response bodies
  • Example 2: Full stack trace of error messages logged
  • Example 3: Record DNS data on user's IP address
  • Example 4: Security logging level changed to include 'informational' messages

code: -

ASR-B: Administrator Notification

id: ASR-B
title: Administrator Notification
classifications: Logging and notifying | One, some or all users | Instantaneous
category: Silent
description: A notification message is sent to the application administrator(s)
consideration:
examples:

  • Example 1: Email alert sent to everyone in the administration team
  • Example 2: SMS alert sent to the on-call administrator
  • Example 3: Visual indicator displayed on an application monitoring dashboard
  • Example 4: Audible alarm in the control room

code: -
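
An added example, not part of the original page or the AppSensor project's code: one way ASR-A and ASR-B could be combined in Python, raising log granularity for one user for a period and sending an instantaneous administrator notification. The user ids, the detection label, the 600-second period and the `notify` callable (standing in for email, SMS or a dashboard) are assumptions.

```python
import logging
import time

class PerUserVerbosity(logging.Filter):
    """ASR-A: let sub-WARNING records through only for users under watch."""
    def __init__(self, clock=time.monotonic):
        super().__init__()
        self.clock = clock
        self.expiry = {}                      # user id -> end of the period

    def elevate(self, user, period_s):
        self.expiry[user] = self.clock() + period_s

    def filter(self, record):
        if record.levelno >= logging.WARNING:
            return True                       # normal granularity is unchanged
        user = getattr(record, "user", None)
        if user in self.expiry and self.clock() < self.expiry[user]:
            return True
        self.expiry.pop(user, None)           # period over: back to normal
        return False

class ListHandler(logging.Handler):
    """Stand-in log sink so the demo can be inspected offline."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())

def respond_silently(verbosity, notify, user, detection, period_s=600):
    verbosity.elevate(user, period_s)                       # ASR-A, one user, period
    notify(f"AppSensor: {detection} triggered by {user}")   # ASR-B, instantaneous

def demo():
    now = [0.0]                               # fake clock in seconds (constructed)
    verbosity, sink, alerts = PerUserVerbosity(lambda: now[0]), ListHandler(), []
    sink.addFilter(verbosity)
    log = logging.getLogger("appsensor.demo")
    log.handlers[:] = [sink]
    log.propagate = False
    log.setLevel(logging.DEBUG)
    log.info("before detection", extra={"user": "user-17"})        # dropped
    respond_silently(verbosity, alerts.append, "user-17", "constructed-detection")
    log.info("user-17 request detail", extra={"user": "user-17"})  # kept
    log.info("user-42 request detail", extra={"user": "user-42"})  # dropped
    now[0] = 601.0                            # the response period has elapsed
    log.info("after period", extra={"user": "user-17"})            # dropped
    log.warning("ordinary warning", extra={"user": "user-42"})     # kept
    return sink.lines, alerts
```

Neither action changes what the user sees, which is what places both responses in the Silent category.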


Passive

Active