[Owasp-appsensor-project] Presentations in Europe during May and June

Colin Watson colin.watson at owasp.org
Fri Jun 10 03:22:22 EDT 2011


John

I was talking about this sort of architecture:

1. Attacker
2. -> Attacks
3. -> -> Application
4. <-> <-> AppSensor
5. -> -> -> -> Signalling
6. -> -> -> -> -> Dashboard

but wanted to show a whole range of example data (detection points and
responses).  It was therefore easier for me just to demo 5 & 6.  To do
that, I did:

5.a  Log file of events (like a security event log)
5.b  Perl with Sockets to read the log file and broadcast the events
onto the network
6.a  A Comet (Ajax push) server to collect the events and stream them
to subscribing clients
6.b  A static web page built using HTML, CSS and using the Dojo
JavaScript toolkit for the general layout
6.c  The web page contained three tables which subscribed to the
particular feeds coming from the Comet server

For simplicity the web page was also hosted on the Comet server, but
in practice it would be a separate 'proper' web server.  I had some
prior experience with Lightstreamer, so used that for the Comet part
and adapted their demonstration scripts and their Lightstreamer
JavaScript libraries to display characteristics I wanted to show.
That server has a free licence for a single subscribing IP address.
There are other Comet servers available including open source ones
which I would like to investigate.  Then I would really like to get
something more robust built that say integrates with ESAPI in some
way.  Then we can join all the dots from 1 to 6 in a single
application.

Colin

On 9 June 2011 19:57, John Melton <jtmelton at gmail.com> wrote:
> Colin,
> VERY COOL. Those videos are great. It really shows the power of what
> appsensor can do with proper visualization. Just curious - what was the demo
> UI built in?
> Thanks,
> John
>
> On Thu, Jun 9, 2011 at 1:54 PM, Colin Watson <colin.watson at owasp.org> wrote:
>>
>> An update on these presentations...
>>
>> The presentation at the ISSD Conference in London on 19th May was
>> received well, but again interest in "who is doing this" as if in
>> disbelief.  However many people clearly got the idea and were
>> impressed.  I hadn't watched Michael's presentation to OWASP
>> Minneapolis St Paul at that time, otherwise would have mentioned the
>> "large insurance company" too.
>>
>> In Athens at the OWASP Greece training day, there was an audience of
>> 140 - most of whom were developers.  Lots of questions on the
>> practically of adding these ideas, and one about using it for anomaly
>> detection.
>>
>> At AppSec EU today, I had a question about which frameworks offered
>> support (ESAPI and Shiro), the potential effect of adding more
>> vulnerabilities by adding more code (certainly possible), whether
>> syslog could be used for signalling (yes).  My live demonstration of
>> example AppSensor dashboards was slightly hindered by some display
>> resolution problems with the projector, but I have uploaded the videos
>> of the demos to YouTube:
>>
>>   http://www.youtube.com/watch?v=zCaYREAyiRg
>>
>>   http://www.youtube.com/watch?v=YZ5zGQ-XLkk
>>
>> The AppSec EU presentation will appear on the OWASP wiki in due course.
>>
>> Colin
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>


More information about the Owasp-appsensor-project mailing list