Difference between revisions of "AppSensor ResponseActions"

From OWASP
m
Line 1: Line 1:
 
=About This Document=
 
=About This Document=
 
These response actions are part of the [http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor] project which advocates bringing intelligent intrusion detection inside the application.  These responses can be used to counter a malicious user that [http://www.owasp.org/index.php/AppSensor_DetectionPoints has been detected] probing for vulnerabilities or weaknesses within your application.
 
These response actions are part of the [http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor] project which advocates bringing intelligent intrusion detection inside the application.  These responses can be used to counter a malicious user that [http://www.owasp.org/index.php/AppSensor_DetectionPoints has been detected] probing for vulnerabilities or weaknesses within your application.
 +
 +
<b>THIS PAGE IS STILL IN PROGRESS</b>
  
 
__TOC__
 
__TOC__
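
Review bot: the banner added on the `+` line is raw HTML (`<b>THIS PAGE IS STILL IN PROGRESS</b>`), while the surrounding lines use wikitext (`=About This Document=`, `__TOC__`). Wiki bold (`'''THIS PAGE IS STILL IN PROGRESS'''`) would match the rest of the page. The banner also does not say which parts are unfinished, so consider naming the incomplete sections so readers know which response actions they can already rely on.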

Revision as of 13:51, 27 August 2010

About This Document

These response actions are part of the OWASP AppSensor project which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user that has been detected probing for vulnerabilities or weaknesses within your application.

THIS PAGE IS STILL IN PROGRESS


Overview

The following table lists possible AppSensor Responses (ASRs). The application response actions are categorized here by:

  • Silent: User(s) unaware of any application change
  • Passive: Process altered, but user(s) may still continue to process completion
  • Active: Functionality reduced or disabled

A text version of the table, with examples and alternative classifications, is available in AppSensor - Response Actions (64 KB PDF).

[Figure: AppSensor response actions table]


Detailed Listing

Classifications are:

  • Purposes: Logging, Notifying, Disrupting and Blocking
  • Target: One, Some or All users
  • Response duration: Instantaneous (e.g. just for the request), Period (e.g. time period or session duration), Permanent


Silent

ASR-A: Logging Change

id: ASR-A
title: Logging Change
classifications: Logging | One, some or all users | Instantaneous (request) or for a period
category: Silent
description: The granularity of logging is changed (typically more logging).
consideration:
examples:
  • Example 1: Capture sanitised request headers and response bodies
  • Example 2: Full stack trace of error messages logged
  • Example 3: Record DNS data on user's IP address
  • Example 4: Security logging level changed to include 'informational' messages
code: -

ASR-B: Administrator Notification

id: ASR-B
title: Administrator Notification
classifications: Logging and notifying | One, some or all users | Instantaneous
category: Silent
description: A notification message is sent to the application administrator(s).
consideration:
examples:
  • Example 1: Email alert sent to everyone in the administration team
  • Example 2: SMS alert sent to the on-call administrator
  • Example 3: Visual indicator displayed on an application monitoring dashboard
  • Example 4: Audible alarm in the control room
code: -
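
A sketch of the two Silent responses above, added here as an example and not taken from the original page or the AppSensor code base: ASR-A raises logging granularity for one user for a period and then reverts, and ASR-B sends an administrator notification. The class and function names, the `user` record attribute, the 900-second period and the `DP-EXAMPLE` detection point label are assumptions made for illustration.

```python
import logging
import time


class LoggingChangeResponse(logging.Filter):
    """ASR-A: per-user logging threshold that reverts after a period."""

    def __init__(self, base_level=logging.WARNING, clock=time.monotonic):
        super().__init__()
        self.base_level, self.clock = base_level, clock
        self._elevated = {}  # user -> (threshold, expiry on self.clock)

    def apply(self, user, level=logging.DEBUG, period_s=900):
        self._elevated[user] = (level, self.clock() + period_s)  # one user, for a period

    def threshold_for(self, user):
        level, expiry = self._elevated.get(user, (self.base_level, None))
        if expiry is not None and self.clock() >= expiry:
            del self._elevated[user]  # period elapsed: revert silently
            level = self.base_level
        return level

    def filter(self, record):
        # The application tags records with extra={"user": ...} (assumed convention).
        return record.levelno >= self.threshold_for(getattr(record, "user", None))


def respond(asr_a, notify, user, detection_point):
    """Silent response: ASR-A for this user, then ASR-B to administrators."""
    asr_a.apply(user)
    notify(f"AppSensor: {detection_point} triggered by {user}; logging raised")


def demo():
    now, seen, alerts = [0.0], [], []  # constructed clock and capture lists
    asr_a = LoggingChangeResponse(clock=lambda: now[0])
    handler = logging.Handler()
    handler.emit = lambda r: seen.append((r.user, r.getMessage()))
    handler.addFilter(asr_a)
    log = logging.getLogger("appsensor.demo")
    log.setLevel(logging.DEBUG)
    log.addHandler(handler)
    log.debug("request headers", extra={"user": "mallory"})  # below threshold
    respond(asr_a, alerts.append, "mallory", "DP-EXAMPLE")
    log.debug("request headers", extra={"user": "mallory"})  # now recorded
    log.debug("request headers", extra={"user": "alice"})    # other users unchanged
    now[0] = 901.0                                            # period (900 s) over
    log.debug("request headers", extra={"user": "mallory"})  # dropped again
    log.removeHandler(handler)
    return seen, alerts
```

The user sees no change in application behaviour in either case, which is what places both responses in the Silent category.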



Passive

Active