Difference between revisions of "Category:OWASP AppSensor Project"

Jump to: navigation, search
(Replaced content with '#REDIRECT OWASP AppSensor Project')
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{OWASP Book|5984542}}
#REDIRECT [[OWASP AppSensor Project]]
{{ProjectTabs |
{{:Project Information:template AppSensor Project}}
== AppSensor Overview ==
If you walk into a bank and try opening random doors, you will be identified, led out of the building and possibly arrested. However, if you log into an online banking application and start looking for vulnerabilities no one will say anything. This needs to change!
As critical applications continue to become more accessible and inter-connected, it is paramount that critical information is sufficiently protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application.
In addition to implementing layers of defense within an application, we must identify malicious individuals before they are able to identify any gaps in our defenses. The best place to identify malicious activity against the application is within the application itself. Network based intrusion detection systems are not appropriate to handle the custom and intricate workings of an enterprise application and are ill-suited to detect attacks focusing on application logic such as authentication, access control, etc. This project will create the framework which can be used to build a robust system of attack detection, analysis, and response within an enterprise application
== Is this hard?==
No, simple checks are used to detect malicious activity. A security exception is then thrown and the AppSensor/ESAPI framework takes care of the rest.
== Get AppSensor ==
Download the AppSensor book for free at [http://www.lulu.com/product/download/owasp-appsensor/4520005  lulu.com]
Order a printed version for under $10 [http://www.lulu.com/content/5984542 lulu.com]
'''Next Presentation:''' [http://www.owasp.org/index.php/Defend_Yourself:_Integrating_Real_Time_Defenses_into_Online_Applications OWASP AppSec DC] - Thursday, November 12, 2009
'''Demo:''' The AppSensor project will soon be releasing a working demo. This web application will include a working example of the AppSensor detection points integrated with ESAPI. Stay tuned for more.
==== Project Roadmap  ====
'''November, 2009''' [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf OWASP DC, November 2009]
'''Current:''' v1.2 in the works, demo application in development
'''May, 2009''' - AppSec EU Poland - Presentation ([http://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx PPT]) ([http://blip.tv/file/2198771 Video])
'''January, 2009''' - v1.1 Released - Beta Status
'''November, 2008''' - AppSensor Talk at OWASP Portugal
'''November, 2008''' - v1.0 Released - Beta Status
'''April 16, 2008''' - Project Begins
==== Detection Points  ====
Below are the primary detection points defined within AppSensor. These are just the titles; the document contains descriptions, examples and considerations for implementing these detection points.
'''Signature Based Events'''
ID Event
RE1 Unexpected HTTP Commands
RE2 Attempts To Invoke Unsupported HTTP Methods<br>RE3 GET When Expecting POST<br>RE4 POST When Expecting GET<br>AE1 Use Of Multiple Usernames<br>AE2 Multiple Failed Passwords<br>AE3 High Rate Of Login Attempts<br>AE4 Unexpected Quantity Of Characters In Username<br>AE5 Unexpected Quantity Of Characters In Password<br>AE6 Unexpected Types Of Characters In Username<br>AE7 Unexpected Types Of Characters In Password<br>AE8 Providing Only The Username<br>AE9 Providing Only The Password<br>AE10 Adding Additional POST Variables<br>AE11 Removing POST Variables<br>SE1 Modifying Existing Cookies<br>SE2 Adding New Cookies<br>SE3 Deleting Existing Cookies<br>SE4 Substituting Another User's Valid Session ID Or Cookie<br>SE5 Source IP Address Changes During Session<br>SE6 Change Of User Agent Mid Session<br>ACE1 Modifying URL Arguments Within A GET For Direct Object Access Attempts<br>ACE2 Modifying Parameters Within A POST For Direct Object Access Attempts<br>ACE3 Force Browsing Attempts<br>ACE4 Evading Presentation Access Control Through Custom Posts<br>IE1 Cross Site Scripting Attempt<br>IE2 Violations Of Implemented White Lists<br>EE1 Double Encoded Characters<br>EE2 Unexpected Encoding Used<br>CIE1 Blacklist Inspection For Common SQL Injection Values<br>CIE2 Detect Abnormal Quantity Of Returned Records. <br>CIE3 Null Byte Character In File Request<br>CIE4 Carriage Return Or Line Feed Character In File Request<br>FIO1 Detect Large Individual Files <br>FIO2 Detect Large Number Of File Uploads<br><br>
'''Behavior Based Events'''<br>
UT1 Irregular Use Of Application<br>UT2 Speed Of Application Use<br>UT3 Frequency Of Site Use<br>UT4 Frequency Of Feature Use<br>STE1 High Number Of Logouts Across The Site<br>STE2 High Number Of Logins Across The Site<br>STE3 High Number Of Same Transaction Across The Site<br><br>
RE - Request<br>AE - Authentication<br>SE - Session<br>ACE - Acess Control<br>IE - Input<br>EE - Encoding<br>CIE - Command Injection<br>FIO - File IO<br>UT - User Trend<br>STE - System Strend<br><br>
==== Media  ====
November, 2009 -  AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51 ]
May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers]
November, 2008 - [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt OWASP Summit Portugal 2008 PPT]
'''Video Demos of AppSensor'''
[http://www.youtube.com/watch?v=8ItfuwvLxRk Detecting Multiple Attacks & Logging Out Attacker]
[http://www.youtube.com/watch?v=CekUMk_VRV8 Detecting XSS Probes]
[http://www.youtube.com/watch?v=LfD4y67qdWE Detecting URL Tampering]
[http://www.youtube.com/watch?v=1D6nTlmYjhY Detecting Verb Tampering]
[[Category:OWASP_Project|AppSensor Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Beta_Quality_Document]]

Latest revision as of 11:35, 6 October 2010

Pages in category "OWASP AppSensor Project"

The following 4 pages are in this category, out of 4 total.