[Owasp-appsensor-project] Implementing AppSensor detection points to TeamMentor
Colin Watson
colin.watson at owasp.org
Wed Apr 4 20:05:52 UTC 2012
Dinis
I should have mentioned this "implementation planning guide":
https://www.owasp.org/index.php?title=File:Appsensor-planning.zip&setlang=en
It might help your thought processes.
Colin
On 4 April 2012 15:10, John Melton <jtmelton at gmail.com> wrote:
> Dinis,
> I also didn't clarify this well in my email response (just a moment ago) to
> your spring app question. The current version of appsensor ONLY supports
> java applications. The concept is obviously generic, but our code is only
> for java at the moment. The new version will be services based, so we can
> quickly and easily build new clients in any language. Colin is spot on in
> his response otherwise.
> Thanks,
> John
>
>
> On Wed, Apr 4, 2012 at 9:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>>
>> Dinis
>>
>> You should implement localised mis-use prevention for these 3 examples
>> in your own code. For example "API abuse" is probably being detected
>> by authorisation and input validation checks? AppSensor can't be used
>> to protect an application that isn't doing these things already, or
>> has known or easily found vulnerabilities.
>>
>> AppSensor might then be used to detect an attack if it saw (for
>> example) 6 or 10 instances of any of the three things you mention by
>> an IP address range or subnet (e.g. 2 login account lockouts, plus 3
>> new accounts and 1 API abuse = 6 events).
>>
>> 1. Consider where in your architecture you could detect these sorts of
>> events (existing checks?), and whether this can be achieved with
>> common code
>>
>> 2. Make sure you have application logging capabilities
>>
>> 3. Start to log the events
>>
>> 4. Consider what type of responses are appropriate (time delays, lock
>> outs, etc)
>>
>> 5. Build mechanisms to undertake/enforce the responses
>>
>> 6. Use something (engine, query on logs, etc) to detect the thresholds
>> you have set e.g. "6 of any", "3 account lockouts"
>>
>> 7. Undertake the predefined responses
>>
>> Colin
>>
>> On 4 April 2012 13:30, dinis cruz <dinis.cruz at owasp.org> wrote:
>> > Hi, I'm the lead developer
>> > of https://github.com/TeamMentor/Master which is
>> > a .NET/jQuery based WebApp.
>> >
>> > I have a couple bug-tracking-issues that I would like to address using
>> > AppSensor:
>> >
>> > - Login Brute Force
>> > - Mass Account creation
>> > - WebServices API abuse
>> >
>> > I have an OKish overview of AppSensor (saw Colin present it a couple
>> > times),
>> > but am not sure on where to start. Any tips/ideas?
>> >
>> > Thanks
>> >
>> > Dinis Cruz
>> >
>> > _______________________________________________
>> > Owasp-appsensor-project mailing list
>> > Owasp-appsensor-project at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>> >
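The threshold-based detection that Colin's numbered steps describe (log the detection-point events, count them per IP range over a time window, then trigger a predefined response such as a delay or lockout), written out as an added Python example; this is not code from the thread, from TeamMentor or from the AppSensor project, and the event kinds, /24 bucketing, window length, thresholds and response names are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Event:
    kind: str        # detection point: "login_lockout", "account_created", "api_abuse"
    source_ip: str   # client address the event was observed from
    ts: float        # unix timestamp; events must be fed in time order

# Constructed thresholds in the spirit of the thread ("3 account lockouts",
# "6 of any"), each mapped to a named response; tune for your own application.
THRESHOLDS = {
    "login_lockout":   (3, "block_subnet_30m"),
    "account_created": (5, "require_captcha"),
    "api_abuse":       (3, "revoke_api_key"),
    "any":             (6, "throttle_subnet"),   # total across every kind
}

class SubnetDetector:
    """Counts events per source subnet over a sliding window and checks thresholds."""
    def __init__(self, window_s=600, prefix=24):
        self.window_s = window_s            # sliding window in seconds
        self.prefix = prefix                # aggregate per /24 by default
        self._events = defaultdict(deque)   # subnet -> recent events, oldest first

    def _bucket(self, ip):
        return ip_network(f"{ip}/{self.prefix}", strict=False)

    def record(self, ev):
        """Log one event and return the responses whose threshold it just crossed."""
        q = self._events[self._bucket(ev.source_ip)]
        q.append(ev)
        while ev.ts - q[0].ts > self.window_s:   # expire events outside the window
            q.popleft()
        counts = defaultdict(int)
        for e in q:
            counts[e.kind] += 1
        counts["any"] = len(q)
        # '==' fires once as the count reaches the limit, not again on every later event
        return [resp for kind, (limit, resp) in THRESHOLDS.items() if counts[kind] == limit]

def replay(detector, events):
    """Feed events in order; map the index of each triggering event to its responses."""
    fired = {}
    for i, ev in enumerate(events):
        responses = detector.record(ev)
        if responses:
            fired[i] = responses
    return fired
```

Feeding Colin's example (2 lockouts, 3 new accounts and 1 API abuse from one /24) fires only the combined "6 of any" response, while the per-kind limits stay untriggered.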