[Owasp-appsensor-project] idea – Session redirection (wishlist?)

Don Thomas don.thomas.cissp at gmail.com
Tue Sep 21 00:35:15 EDT 2010


Michael,

I was impressed with your talk at the OWASP conference in Irvine.  I talked
to you after your presentation.  I mentioned that I have an idea or concept
that I would like to see added to the wish list for the AppSensor project.
  I don’t know if this idea is doable, but I thought that I would at least
throw it out there and see.  I am not a developer, but I have been working
in IT and networking for almost 30 years and see a real need to be able to
redirect an incoming session based on triggers.  My first thought was that
AppSensor might be the first tool that I have seen that might be able to
identify a session, and possibly request the session to be redirected based
on a trigger.

I have had this idea floating in my head for a while.  What I would like to
see is a method to redirect an obvious bad user (an attacker) to another
system, such as a honey pot or a system that can handle such an attack,
while keeping the session totally transparent from the attacker.

What I am thinking is once a set of events is triggered, the AppSensor can
initiate or trigger a re-direction of a session to another web server.  This
could be as simple as having a load balancer accept a re-direction request
(assuming that a load balancer could accept such a request), or something
within the application can automatically redirect the session to another web
server.

The main purpose to redirect a session is to relieve the main web server(s)
from the attack.  The secondary benefit would be that there is a set of
servers that are focused for this type of abuse and could gather more
detailed logging for analysis.

And an obvious third benefit would be that the additional detailed knowledge
of the attack could also benefit the AppSensor researchers.

Anyway, I don’t know how doable this idea of session redirection is, but I
thought that I would at least share the idea that I had…

I would be curious what you thought and if this would even be possible?

Anyway, thank you for listening…

Best regards,

Don Thomas
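The mechanism Don describes above, as an added example that is neither his code nor AppSensor's own (AppSensor is a Java project; this uses Python's WSGI interface so it runs stand-alone). A router counts detection events per session, quarantines the session once a threshold is crossed, and a middleware then dispatches every later request from that session to a honeypot backend in-process rather than issuing an HTTP redirect the attacker could see. It also sets an opaque pool cookie of the kind a load balancer could key on to pin the session to a honeypot pool. The session cookie name `sid`, the threshold and window values, the pool cookie name `lbpool`, the pool names `p1`/`p2` and the detection-point labels are all this example's own assumptions, not AppSensor identifiers.

```python
"""Transparent session redirection of suspected attackers to a honeypot (hypothetical example)."""
import time
from collections import defaultdict, deque
from http.cookies import SimpleCookie

THRESHOLD = 3   # assumption: this many detection events within WINDOW seconds quarantines a session
WINDOW = 300    # seconds


class SessionRouter:
    """Tracks detection events per session and decides which backend should serve it."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW, clock=time.time):
        self.threshold, self.window, self.clock = threshold, window, clock
        self.events = defaultdict(deque)   # session id -> deque of (timestamp, label)
        self.quarantined = set()

    def record_event(self, session_id, label):
        """Record one detection event; returns True once the session is quarantined."""
        now = self.clock()
        q = self.events[session_id]
        q.append((now, label))
        while q and now - q[0][0] > self.window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            self.quarantined.add(session_id)       # sticky for the life of the session
        return session_id in self.quarantined

    def backend_for(self, session_id):
        return "honeypot" if session_id in self.quarantined else "primary"


def session_id(environ):
    """Session identity from the (assumed) 'sid' cookie, falling back to the client address."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return cookies["sid"].value if "sid" in cookies else environ.get("REMOTE_ADDR", "anonymous")


def make_primary_app(router):
    """The real application, instrumented with two simple detection points."""
    def app(environ, start_response):
        sid, path = session_id(environ), environ.get("PATH_INFO", "/")
        # Detection labels below are this example's own, not AppSensor's detection-point IDs.
        if ".." in path or "%2e%2e" in path.lower():
            router.record_event(sid, "path-traversal-attempt")
        if environ.get("REQUEST_METHOD") not in ("GET", "POST"):
            router.record_event(sid, "unexpected-http-method")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"hello"]
    return app


def honeypot_app(environ, start_response):
    """Decoy backend: answers like the real app (so the switch is invisible) and logs in detail."""
    # A real honeypot would persist the full request (headers, body) for later analysis here.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


class RoutingMiddleware:
    """Dispatches quarantined sessions to the honeypot without any client-visible redirect."""
    POOL_COOKIE = "lbpool"                               # assumed cookie a load balancer keys on
    POOL_NAMES = {"primary": "p1", "honeypot": "p2"}     # opaque values: the cookie reveals nothing

    def __init__(self, primary, honeypot, router):
        self.apps, self.router = {"primary": primary, "honeypot": honeypot}, router

    def __call__(self, environ, start_response):
        backend = self.router.backend_for(session_id(environ))
        environ["routing.backend"] = backend             # server-side only; never sent to the client

        def start_response_with_pool(status, headers, exc_info=None):
            cookie = f"{self.POOL_COOKIE}={self.POOL_NAMES[backend]}; Path=/; HttpOnly"
            return start_response(status, list(headers) + [("Set-Cookie", cookie)], exc_info)

        return self.apps[backend](environ, start_response_with_pool)


def build_app(clock=time.time):
    router = SessionRouter(clock=clock)
    return RoutingMiddleware(make_primary_app(router), honeypot_app, router), router


def request(app, method, path, sid):
    """Drive the WSGI stack with a constructed request (no network needed)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "REMOTE_ADDR": "203.0.113.5", "HTTP_COOKIE": f"sid={sid}"}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body, environ["routing.backend"]


def demo():
    """Constructed attack sequence from one session; returns which backend served each request."""
    app, _ = build_app(clock=lambda: 1000.0)
    seq = [("GET", "/"), ("GET", "/../etc/passwd"), ("TRACE", "/"),
           ("GET", "/..%2f..%2f"), ("GET", "/"), ("GET", "/login")]
    return [request(app, m, p, "abc123")[3] for m, p in seq]


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing: the request that crosses the threshold is still served by the primary app because the routing decision is made before dispatch, so the hand-off takes effect on the attacker's next request; and in a real deployment the pool cookie should be signed or the routing state should live in the load balancer itself, since anything the client can edit the attacker can edit.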