[Owasp-appsensor-project] AppSensor & ESAPI Integration

Michael Coates michael.coates at owasp.org
Mon Jun 21 12:44:24 EDT 2010


ESAPI Team,

The AppSensor team has been working hard over the last several months to 
create an AppSensor jar that is ready for ESAPI integration.

AppSensor is a project to enable detailed attack intrusion and response 
within application by integrating "detection points" into the 
application itself (think detecting all access control failures, 
malicious input, unexpected commands and more and then correlating that 
against the logged in user and logging out/locking the attacker). That's 
just the basics, more info on AppSensor here: 
http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project

Here are the instructions for easily updating an existing ESAPI 
application to use AppSensor. I encourage those interested to take a 
quick read and respond with any comments.

http://www.owasp.org/index.php/AppSensor_GettingStarted

What's next:
1. We'd like to use the Getting Started guide as an initial strategy for 
users to begin leveraging AppSensor in their ESAPI apps. We're looking 
for interested parties to begin using AppSensor within ESAPI and provide 
their feedback.
2. It would also be great for the ESAPI config to contain the 
configuration line for AppSensor and a link to the getting started page.

#Use OWASP AppSensor for enhanced application intrusion detection and response
#See http://www.owasp.org/index.php/AppSensor_GettingStarted for necessary JAR and configuration
#ESAPI.IntrusionDetector=org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector


Thoughts and feedback please.

-- 
Michael Coates
OWASP

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20100621/592f3cb2/attachment.html 


More information about the Owasp-appsensor-project mailing list