[Owasp-appsensor-project] DHS & Georgia Tech Grant Funding Potential

Ryan Barnett ryan.barnett at owasp.org
Mon Aug 12 23:45:37 UTC 2013


To John's point about reporting and visualization - we have similar issues on the ModSecurity front. Considering that we have implemented many AppSensor detection points within the OWASP ModSecurity CRS. We currently mainly use a tool called the audit console and it accepts ModSecurity audit log data. 

http://www.jwall.org/web/audit/console/index.jsp

You can search and sort in a variety of ways however in general I feel that there is much to do with regards to making these events meaningful for a security analyst. 

I don't really like the per- transaction views of most WAF alert data. I prefer more of an attacker-sequence view that shows paths of attacks or profiles the attacker a bit more. I actually like what Mykonos did with their dashboard - http://www.mykonossoftware.com/profile-the-attacker.php

I guess my point is that I agree that we need a better dashboard for these events but I am not sure if building one from scratch is the best use of time and resources. We could consider contributing to Audit Console to add features we need. 

--
Ryan Barnett


On Aug 12, 2013, at 2:49 PM, John Melton <jtmelton at gmail.com> wrote:

> I personally like the #2 idea. Getting the concept out is helpful, and seems like it would be very helpful, particularly within govt. circles. 
> 
> I really like the idea of sample applications using the implementation. From a development perspective, I also think it could be useful to build a reporting front-end for analysis by end-users. I am working on the engine piece and have a good handle on that, but the visualization of the data is probably an area that could use some love. However, these dev tasks might be a stretch to start now. 
> 
> If our proposal were accepted, when would the work begin? I think if the work started after the new year, I'd be comfortable proposing any of the dev ideas, but if sooner, I'd say go with just the documentation. 
> 
> 
> On Mon, Aug 12, 2013 at 4:33 PM, Colin Watson <colin.watson at owasp.org> wrote:
>> I have discussed this a little with Samantha.  Apparently there is an
>> opportunity to fund marketing, promotion, reviewing, development, and
>> writing expense, but not for example travel.
>> 
>> A couple of suggestions:
>> 
>> 1.  fund a competition for the best implementation, demonstrations,
>> supporting applications (e.g. $5,000 first, three $2000 runners up and
>> five $1,000s plus some admin costs for running it?)
>> 
>> 2.  pay to print and distribute further copies of the upcoming v2
>> Guide (e.g. to give them away at developer events, perhaps in the US
>> only?)
>> 
>> But we have an opportunity to write this by end of tomorrow and submit
>> for 2013, or wait a year and do it in 2014. I think we should put some
>> sort of bid in, the question is what for. I can spend some time
>> tomorrow writing up, if other contributors on this list can provide a
>> steer as to what they think is achievable and might gain support. I
>> think both of the ideas above avoid paying volunteers.
>> 
>> Colin
>> 
>> 
>> On 12 August 2013 21:17, Samantha Groves <samantha.groves at owasp.org> wrote:
>> > Hello AppSensor Team,
>> >
>> > Colin has asked me to inform you that you currently have an opportunity to
>> > submit a proposal for grant funding from the Department of Homeland
>> > Security. See the HOST Website for more information. Additionally, see the
>> > grant page for more information on the grant opportunity.
>> >
>> > Please have a look and let me know if this is something you are interested
>> > in pursuing. Additionally, please share any ideas you may have on
>> > objectives, and activities that you would like to take part in for AppSensor
>> > with Grant support, if awarded.
>> >
>> > Thank you,
>> >
>> > SG.
>> >
>> > --
>> >
>> > Samantha Groves, MBA
>> >
>> > OWASP Projects Manager
>> >
>> >
>> > The OWASP Foundation
>> >
>> > Arizona, USA
>> >
>> > Email: samantha.groves at owasp.org
>> >
>> > Skype: samanthahz
>> >
>> >
>> > OWASP Global Projects
>> >
>> > Book a Meeting with Me
>> >
>> > OWASP Contact US Form
>> >
>> > New Project Application Form
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Owasp-appsensor-project mailing list
>> > Owasp-appsensor-project at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>> >
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
> 
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20130812/edeb9398/attachment.html>


More information about the Owasp-appsensor-project mailing list