AppSensor ResponseActions

From OWASP
Revision as of 12:46, 27 August 2010 by Clerkendweller (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

About This Document

These response actions are part of the OWASP AppSensor project which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user that has been detected probing for vulnerabilities or weaknesses within your application.

Contents


Overview

The following table lists possible AppSensor Responses (ASRs). This table, examples and alternative classifications are described in [AppSensor - Response Actions] (64 KB PDF).

Appsensor response actions table 1.png


Detailed Listing

Silent

ASR-A: Logging Change

id

ASR-A

title

Logging Change

classifications

Logging | One, some or all users | Instantaneous (request) or for a period

category

Silent

description

The granularity of logging is changed (typically more logging)

consideration
examples

Example 1: Capture sanitised request headers and response bodies

Example 2: Full stack trace of error messages logged

Example 3: Record DNS data on user's IP address

Example 4: Security logging level changed to include 'informational' messages

code

-


Passive

Active