[Owasp-appsensor-project] Implementing AppSensor detection points to TeamMentor
colin.watson at owasp.org
Wed Apr 4 20:05:52 UTC 2012
I should have mentioned this "implementation planning guide":
It might help your thought processes.
On 4 April 2012 15:10, John Melton <jtmelton at gmail.com> wrote:
> I also didn't clarify this well in my email response (just a moment ago) to
> your spring app question. The current version of appsensor ONLY supports
> java applications. The concept is obviously generic, but our code is only
> for java at the moment. The new version will be services based, so we can
> quickly and easily build new clients in any language. Colin is spot on in
> his response otherwise.
> On Wed, Apr 4, 2012 at 9:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>> You should implement localised mis-use prevention for these 3 examples
>> in your own code. For example "API abuse" is probably being detected
>> by authorisation and input validation checks? AppSensor can't be used
>> to protect an application that isn't doing these things already, or
>> has known or easily found vulnerabilities.
>> AppSensor might then be used to detect an attack if it saw (for
>> example) 6 or 10 instances of any of the three things you mention by
>> an IP address range or subnet (e.g. 2 login account lockouts, plus 3
>> new accounts and 1 API abuse = 6 events).
>> 1. Consider where in your architecture you could detect this sort of
>> event (existing checks?), and whether this can be achieved with
>> common code
>> 2. Make sure you have application logging capabilities
>> 3. Start to log the events
>> 4. Consider what type of responses are appropriate (time delays, lock
>> outs, etc)
>> 5. Build mechanisms to undertake/enforce the responses
>> 6. Use something (engine, query on logs, etc) to detect the thresholds
>> you have set e.g. "6 of any", "3 account lockouts"
>> 7. Undertake the predefined responses
>> On 4 April 2012 13:30, dinis cruz <dinis.cruz at owasp.org> wrote:
>> > Hi, I'm the lead developer
>> > of https://github.com/TeamMentor/Master which is
>> > a .NET/jQuery based WebApp.
>> > I have a couple of bug-tracking issues that I would like to address using
>> > AppSensor:
>> > - Login Brute Force
>> > - Mass Account creation
>> > - WebServices API abuse
>> > I have an OKish overview of AppSensor (saw Colin present it a couple of times),
>> > but am not sure on where to start. Any tips/ideas?
>> > Thanks
>> > Dinis Cruz
>> > _______________________________________________
>> > Owasp-appsensor-project mailing list
>> > Owasp-appsensor-project at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project