Category:OWASP AppSensor Project

Revision as of 08:09, 29 June 2008 by Pauloc (talk | contribs)

Jump to: navigation, search

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.

Project Name OWASP AppSensor Project - Detect and Respond to Attacks from Within the Application
Short Project Description

Real Time Application Attack Detection and Response


Article on why Application Based Intrusion Detection is a must for critical applications.

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.


AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.


AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.

Defending the Application

An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.

Project key Information Project Leaders:

Michael Coates
John Melton
Colin Watson
Dennis Groves

Project Contributors:

Ryan Barnett
Simon Bennetts
August Detlefsen
Dennis Groves
Randy Janida
Jim Manico
Giri Nambari
Eric Sheridan
John Stevens
Kevin Wall

Mailing list
Subscribe here
Use here
Creative Commons Attribution Share Alike 3.0
Project Type
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

Summer of Code 2008 Project!


As critical applications continue to become more accessible and inter-connected, it is paramount that the information be protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application. In addition to implementing layers of defense within an application, it is critical that we identify malicious individuals before they are able to identify any gaps in our defenses. The best place to identify malicious activity against the application is within the application itself. Network based intrusion detection systems are not appropriate to handle the custom and intricate workings of an enterprise application and are ill-suited to detect attacks focusing on application logic such as authentication, access control, etc. The application itself is the best place to identify and respond to malicious activity. This project will create the framework which can be used to build a robust system of attack detection, analysis, and response within an enterprise application

For example, when an architect considers the design of their authentication system (or any other critical system) they would reference the AppSensor guidelines on authentication. The AppSensor guidance will indicate what sort of authentication actions need to be logged (failed login attempt, use of multiple user-names from a single IP, high rate of login attempts etc) and what information must be captured (e.g. user-name, ip, timestamp ). Further, the AppSensor guidance will detail how all the events should be handled. Events will be sent to a centralized logging system within the application. This system collect the security events from throughout the application (e.g. authorization attacks, business logic attacks, force browsing attempts) and will then be able to take appropriate action against the user. This could include locking out an account, generating alerts to sys-admins, shutting down portions of the application, and more. Essentially, the AppSensor project is defining how an Intrusion Detection System should be designed, configured and built into the code of any custom application. By building the Application Level IDS within the application itself, we are in the best place to capture and respond to all malicious actions performed against the application.

Project Lead

Michael Coates (mwcoates [at] gmail [dot] com)

Project Roadmap

April 16, 2008 - Project Begins

High level planning & design

Identify and define attack patterns against applications

Document points of detection within the application for the attack patterns & identify key information to log

Pier Review & Revisions

June 29, 2008 - Status Report

Create thresholds for generating security alerts

Define recommended response actions for the security alerts

Pier Review & Revisions

Aug 31, 2008 - Project Complete

Pages in category "OWASP AppSensor Project"

The following 4 pages are in this category, out of 4 total.