AppSensor ResponseActions

From OWASP
Revision as of 13:01, 27 August 2010 by Clerkendweller (Talk | contribs)

Jump to: navigation, search

About This Document

These response actions are part of the OWASP AppSensor project which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user that has been detected probing for vulnerabilities or weaknesses within your application.

Contents


Overview

The following table lists possible AppSensor Responses (ASRs). The application response actions are categorized here by:

  • Silent: User(s) unaware of any application change
  • Passive: Process altered, but user(s) may still continue to process completion
  • Active: Functionality reduced or disabled

This table, with examples and alternative classifications, is described in AppSensor - Response Actions (64 KB PDF).

Appsensor response actions table 1.png

Detailed Listing

Silent

ASR-A: Logging Change

id

ASR-A

title

Logging Change

classifications

Logging | One, some or all users | Instantaneous (request) or for a period

category

Silent

description

The granularity of logging is changed (typically more logging)

consideration
examples

Example 1: Capture sanitised request headers and response bodies

Example 2: Full stack trace of error messages logged

Example 3: Record DNS data on user's IP address

Example 4: Security logging level changed to include 'informational' messages

code

-


Passive

Active