About This Document
These response actions are part of the OWASP AppSensor project, which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user who has been detected probing for vulnerabilities or weaknesses within your application.
The following table lists possible AppSensor Responses (ASRs). The application response actions are categorized here by:
- Silent: User(s) unaware of any application change
- Passive: Process altered, but user(s) may still continue to process completion
- Active: Functionality reduced or disabled
This table, with examples and alternative classifications, is described in AppSensor - Response Actions (64 KB PDF).
ASR-A: Logging Change
Logging | One, some or all users | Instantaneous (request) or for a period
The granularity of logging is changed (typically more logging)
Example 1: Capture sanitised request headers and response bodies
Example 2: Full stack trace of error messages logged
Example 3: Record DNS data on user's IP address
Example 4: Security logging level changed to include 'informational' messages
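An added example (not part of the AppSensor project's code) of ASR-A as a Python `logging` filter: the security log threshold is lowered for one user, or for all users, either for a period or until restored, and request headers are sanitised before logging as in Example 1. The class and function names, the redacted header list and the `user` record attribute are assumptions made for this example.

```python
import logging
import time

# Assumed redaction list; extend it to match the application's own headers.
SENSITIVE = {"authorization", "cookie", "set-cookie"}

def sanitise_headers(headers):
    """Example 1: redact credential-bearing headers before they are logged."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE else v
            for k, v in headers.items()}

class LoggingChange(logging.Filter):
    """ASR-A: per-user security-log threshold that reverts after a period."""
    ALL_USERS = "*"  # hypothetical key meaning "apply to every user"

    def __init__(self, default_level=logging.WARNING, clock=time.monotonic):
        super().__init__()
        self.default_level, self.clock = default_level, clock
        self._elevated = {}  # user -> (level, expiry time or None)

    def elevate(self, user, level=logging.INFO, period=None):
        """Log more for `user` for `period` seconds (None: until restore())."""
        expiry = None if period is None else self.clock() + period
        self._elevated[user] = (level, expiry)

    def restore(self, user):
        """End the response, e.g. when the flagged request has completed."""
        self._elevated.pop(user, None)

    def threshold(self, user):
        level = self.default_level
        for key in (user, self.ALL_USERS):
            entry = self._elevated.get(key)
            if entry is None:
                continue
            if entry[1] is not None and self.clock() >= entry[1]:
                del self._elevated[key]  # period over: normal logging resumes
            else:
                level = min(level, entry[0])
        return level

    def filter(self, record):
        # Callers pass extra={"user": ...}; records without it get the default.
        return record.levelno >= self.threshold(getattr(record, "user", None))
```

Attach the filter to the security log handler, leave the logger itself at `DEBUG` so records reach the filter, and call `elevate()` from the code that handles a detection event.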