AppSensor Guide Application-Specific Real-Time Attack Detection & Response Version 48 (Draft)


Chapter 21 : Fully Integrated (AppSensor Core)

Introduction


Prior to the development of the SOAP Web Services demonstration implementation, Michael Coates and John Melton [anyone else? KW???] created a pure integrated Java version. Like “AppSensor WS” above, this is a reference implementation and is a development branch included within the scope of the OWASP AppSensor Project called “AppSensor Core”.

Description


AppSensor Core handles the collection of event data and the selection of appropriate responses based on a policy defined in a Java properties file. The detection points and responses have to be built into the application at appropriate points in its logic. Code from AppSensor Core is then executed at run time as events occur.

  1. Schematic Arrangement of the AppSensor Core Reference Implementation


AppSensor scope


The selection of detection points, where they are added, and how the software responds are application and organization dependent. However, the following detection point and response categories are supported:

  1. List of Detection Point Categories Supported by AppSensor Core

  Category                  ID     Title
  Request Exception         RE1    Unexpected HTTP Command
                            RE2    Attempt to Invoke Unsupported HTTP Method
                            RE3    GET When Expecting POST
                            RE4    POST When Expecting GET
  Access Control Exception  ACE1   Modifying URL Argument Within a GET for Direct Object Access Attempt
                            ACE2   Modifying Parameter Within A POST for Direct Object Access Attempt
                            ACE3   Force Browsing Attempt
  Input Exception           IE1    Cross Site Scripting Attempt
  System Trend Exception    STE1   High Number of Logouts Across The Site


  1. List of Response Categories Supported by AppSensor Core

  Category   Type Description                                 Code    Response
  Silent     User unaware of application's response           ASR-A   Logging Change
                                                              ASR-B   Administrator Notification (SMS and email)
  Active     Application functionality reduced for user(s)    ASR-I   Function Disabled
                                                              ASR-J   Account Logout
                                                              ASR-K   Account Lockout

The individual interfaces can be extended in order to modify AppSensor for a particular environment, and to support additional detection points and response actions.
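To make concrete what "a policy defined in a Java properties file" and "selection of appropriate responses" mean in practice, the following is an added illustration written for this guide and not AppSensor Core's own code: it loads a constructed policy, counts events per user and detection point within a time window, and returns one of the response codes from the tables above once the configured threshold is reached. The property key format, the class name PolicyDemo and the method addEvent are assumptions made for the example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class PolicyDemo {
    // Constructed policy text (assumed key format, not AppSensor Core's own):
    // per detection point, how many events from one user within the interval
    // (seconds) trigger which response code from the table above.
    static final String POLICY =
        "RE1.threshold=3\nRE1.interval=60\nRE1.response=ASR-A\n" +
        "ACE3.threshold=2\nACE3.interval=300\nACE3.response=ASR-J\n" +
        "IE1.threshold=1\nIE1.interval=60\nIE1.response=ASR-K\n";

    private final Properties policy = new Properties();
    // user -> detection point ID -> timestamps (seconds) of recent events
    private final Map<String, Map<String, List<Long>>> events = new HashMap<>();

    PolicyDemo(String policyText) throws IOException {
        policy.load(new StringReader(policyText));
    }
    // Record one event from a detection point and return the response code the
    // policy selects, or null when the threshold has not yet been reached.
    String addEvent(String user, String detectionPointId, long nowSeconds) {
        String t = policy.getProperty(detectionPointId + ".threshold");
        if (t == null) return null;  // no policy entry for this ID: event is ignored
        int threshold = Integer.parseInt(t);
        long interval = Long.parseLong(policy.getProperty(detectionPointId + ".interval", "60"));
        List<Long> stamps = events.computeIfAbsent(user, k -> new HashMap<>())
                                  .computeIfAbsent(detectionPointId, k -> new ArrayList<>());
        stamps.add(nowSeconds);
        stamps.removeIf(ts -> ts < nowSeconds - interval);  // keep only events inside the window
        if (stamps.size() >= threshold) {
            stamps.clear();  // start a fresh window so the response fires once per burst
            return policy.getProperty(detectionPointId + ".response");
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        PolicyDemo d = new PolicyDemo(POLICY);
        System.out.println(d.addEvent("alice", "RE1", 100));  // first RE1 event, below threshold
        System.out.println(d.addEvent("alice", "RE1", 110));  // second, still below threshold
        System.out.println(d.addEvent("alice", "RE1", 120));  // third within 60 s: policy response
        System.out.println(d.addEvent("bob", "IE1", 130));    // IE1 threshold is 1: immediate response
    }
}
```

Each response code returned here still has to be mapped to an actual action (logging change, logout, lockout) by the application, which is the part the text says must be built in at the appropriate points in the logic.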

Source code


The source code and appsensor.jar file are available from:

https://code.google.com/p/appsensor/

https://code.google.com/p/appsensor/downloads/detail?name=AppSensor-0.1.3.jar

The version at the time of writing is 0.1.3 and is issued under the BSD 3-Clause License [112].


Implementation


A developer guide has been provided at:

https://www.owasp.org/index.php/AppSensor_Developer_Guide [Check]


Considerations


This Java implementation has the following dependencies:

  • OWASP ESAPI Java library

  • JavaMail libraries (activation and mail jar files)

  • Servlet/JSP libraries

  • Logging API library (log4j by default)

This AppSensor implementation is no longer under development.

Related implementations


This Java implementation was used in the comparative research and experiment undertaken independently by Pål Thomassen, “AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System” [33]. A description of how AppSensor Core was implemented on SimpleShiroSecuredApplication has been written by Mária Jurčovičová [114].

The AppSensor Core implementation has also been ported to .Net by Luke Briner and is available to download at:

https://www.owasp.org/index.php/File:AppSensor_Core_-_dotNet.zip

See also Chapter 24 : Invocation of AppSensor Code Using Jni4Net.
