Chapter 21 : Fully Integrated (AppSensor Core) Introduction
Prior to the development of the SOAP Web Services demonstration implementation, Michael Coates and John Melton [anyone else? KW???] created a pure integrated Java version. Like “AppSensor WS” above, this is a reference implementation and is a development branch included within the scope of the OWASP AppSensor Project called “AppSensor Core”.
Description
AppSensor Core handles the collection of event data and the selection of appropriate responses based on a policy defined in a Java properties file. The detection points and responses have to be built into the application at the appropriate points in its logic; code from AppSensor Core is then executed at run time as events occur.
Figure: Schematic Arrangement of the AppSensor Core Reference Implementation (figure label: AppSensor scope)
The selection of detection points, where they are added, and how the software responds, are application and organization dependent. However, the following detection point and response categories are supported:
List of Detection Point Categories Supported by AppSensor Core

| Category | Detection Point ID | Detection Point Title | Description |
|---|---|---|---|
| Request Exception | RE1 | Unexpected HTTP Command | |
| | RE2 | Attempt to Invoke Unsupported HTTP Method | |
| | RE3 | GET When Expecting POST | |
| | RE4 | POST When Expecting GET | |
| Access Control Exception | ACE1 | Modifying URL Argument Within a GET for Direct Object Access Attempt | |
| | ACE2 | Modifying Parameter Within A POST for Direct Object Access Attempt | |
| | ACE3 | Force Browsing Attempt | |
| Input Exception | IE1 | Cross Site Scripting Attempt | |
| System Trend Exception | STE1 | High Number of Logouts Across The Site | |
List of Response Categories Supported by AppSensor Core

| Category | Category Description | Response Code | Response Description |
|---|---|---|---|
| Silent | User unaware of application's response | ASR-A | Logging Change |
| | | ASR-B | Administrator Notification (SMS and email) |
| Active | Application functionality reduced for user(s) | ASR-I | Function Disabled |
| | | ASR-J | Account Logout |
| | | ASR-K | Account Lockout |
The individual interfaces can be extended in order to modify AppSensor for a particular environment, and to support additional detection points and response actions.
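As an added illustration of the pattern described above (this is not AppSensor Core's own code or API), the following self-contained Java model shows the three pieces the text names: a policy loaded from Java properties format, per-user event collection from detection points, and selection of a response code once a threshold is reached. The detection point IDs and response codes come from the tables above; the property key names (`<id>.threshold`, `<id>.response`) and the policy values are hypothetical.

```java
import java.io.StringReader;
import java.util.*;

// Illustrative model of the AppSensor Core pattern (not the project's own API):
// detection points raise events, a properties-file policy maps event counts to
// a response code, and the application applies that response.
public class AppSensorModel {
    // Constructed policy in Java properties format (hypothetical key names):
    // <detectionPointId>.threshold = events per user before the response fires
    // <detectionPointId>.response  = AppSensor response code to apply
    static final String POLICY =
        "RE3.threshold=3\nRE3.response=ASR-A\n" +
        "ACE1.threshold=2\nACE1.response=ASR-J\n" +
        "IE1.threshold=1\nIE1.response=ASR-K\n";

    private final Properties policy = new Properties();
    // Per-user event history: user -> detection point id -> count
    private final Map<String, Map<String, Integer>> events = new HashMap<>();
    private final List<String> log = new ArrayList<>();

    public AppSensorModel() throws java.io.IOException {
        policy.load(new StringReader(POLICY));
    }

    // Called from a detection point in application logic, e.g. RE3 when a
    // handler that expects POST receives GET. Returns the response code to
    // apply, or null while the user is still under the policy threshold.
    public String addEvent(String user, String detectionPointId) {
        int count = events.computeIfAbsent(user, u -> new HashMap<>())
                          .merge(detectionPointId, 1, Integer::sum);
        int threshold = Integer.parseInt(policy.getProperty(detectionPointId + ".threshold", "0"));
        if (threshold == 0 || count < threshold) {
            return null; // no policy for this detection point, or not yet at threshold
        }
        String response = policy.getProperty(detectionPointId + ".response", "ASR-A");
        log.add(user + " " + detectionPointId + " x" + count + " -> " + response);
        return response;
    }

    public List<String> getLog() { return log; }

    public static void main(String[] args) throws Exception {
        AppSensorModel sensor = new AppSensorModel();
        sensor.addEvent("alice", "RE3"); sensor.addEvent("alice", "RE3");
        System.out.println(sensor.addEvent("alice", "RE3")); // ASR-A after the third RE3
        System.out.println(sensor.addEvent("bob", "IE1"));   // ASR-K on the first IE1
        sensor.getLog().forEach(System.out::println);
    }
}
```

In a real deployment the event store would be shared across requests and the "silent" responses (ASR-A, ASR-B) would be emitted through the logging and mail dependencies listed below, rather than kept in an in-memory list.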
Source code
The source code and appsensor.jar file are available from:
https://code.google.com/p/appsensor/
https://code.google.com/p/appsensor/downloads/detail?name=AppSensor-0.1.3.jar
The version at the time of writing is 0.1.3 and is issued under the BSD 3-Clause License [112].
Implementation
A developer guide has been provided at:
https://www.owasp.org/index.php/AppSensor_Developer_Guide [Check]
Considerations
This Java implementation has the following dependencies:
OWASP ESAPI Java library
JavaMail libraries (activation and mail jar files)
Servlet/JSP libraries
Logging API library (log4j by default)
This AppSensor implementation is no longer under development.
Related implementations
This Java implementation was used in the comparative research and experiment undertaken independently by Pål Thomassen, “AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System” [33]. A description of how AppSensor Core was implemented on SimpleShiroSecuredApplication has been written by Mária Jurčovičová [114].
The AppSensor Core implementation has also been ported to .Net by Luke Briner and is available to download at:
https://www.owasp.org/index.php/File:AppSensor_Core_-_dotNet.zip
See also Chapter 24 : Invocation of AppSensor Code Using Jni4Net.