Difference between revisions of "Project Information:template AppSensor Project"

From OWASP
Jump to: navigation, search
Line 19: Line 19:
 
'''Detection'''
 
'''Detection'''
  
AppSensor defines 42 different [http://www.owasp.org/index.php/AppSensor_DetectionPoints detection points] which can be used to identify a malicious attacker.
+
AppSensor defines 45+ different [http://www.owasp.org/index.php/AppSensor_DetectionPoints detection points] which can be used to identify a malicious attacker.
  
 
'''Response'''
 
'''Response'''
Line 47: Line 47:
 
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:OWASP AppSensor Project - Assessment Frame|Please see here for complete information.]]
 
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:OWASP AppSensor Project - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="left"|
 
  | style="width:42%; background:#cccccc" align="left"|
'''AppSensor Beta Release 1.1 - Now Available!'''
+
* '''NEW: AppSensor & ESAPI:''' [http://www.owasp.org/index.php/AppSensor_GettingStarted Getting Started with AppSensor]
* '''Download Now''' [[https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF] | [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc Word]]
+
* '''Download AppSensor Book:''' [https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF] | [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc Word]
* '''Presentation''' [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
+
* '''Presentation:''' [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
* '''Diagram''' [https://www.owasp.org/index.php/File:Appsensor-pid.pdf Understanding AppSensor in the WebApp - Diagram]
+
* '''Diagram:''' [https://www.owasp.org/index.php/File:Appsensor-pid.pdf Understanding AppSensor in the WebApp - Diagram]
* '''Live Demo''' [http://www.youtube.com/watch?v=8ItfuwvLxRk Video]
+
* '''Live Demo:''' [http://www.youtube.com/watch?v=8ItfuwvLxRk Video]
* '''AppSensor Code''' [http://code.google.com/p/appsensor/ Google Code]
+
* '''AppSensor Code:''' [http://code.google.com/p/appsensor/ Google Code]
 
  | style="width:29%; background:#cccccc" align="center" |
 
  | style="width:29%; background:#cccccc" align="center" |
 
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI]
 
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI]
 
  |}
 
  |}
 
----
 
----

Revision as of 11:31, 21 June 2010

PROJECT IDENTIFICATION
Project Name OWASP AppSensor Project - Detect and Respond to Attacks from Within the Application
Short Project Description

Real Time Application Attack Detection and Response

Overview

Article on why Application Based Intrusion Detection is a must for critical applications.

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.

Detection

AppSensor defines 45+ different detection points which can be used to identify a malicious attacker.

Response

AppSensor provides guidance on how to response once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator.

Defending the Application

An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.

Project key Information Project Leader
Michael Coates
Project Contributors
Randy Janida
John Melton
Giri Nambari
Eric Sheridan
John Stevens
Colin Watson
Mailing list
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Documentation
Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.