[Owasp-appsensor-project] how to detect if a detection point is created and some other questions

John Melton jtmelton at gmail.com
Sat Mar 9 01:53:50 UTC 2013


Panos,
Great questions.

There is no mechanism for checking if a detection point has been triggered.
Depending on your needs, you could do it via the boolean setting you
mentioned or possibly by wrapping the intrusion detector with your own
custom class and attaching observers for notification if you wanted that
feature. Note however that this only informs you that a detection point has
been triggered. You'd have to determine the detection point by examining
the "code", i.e. AE8. Also note this is not a GUID, i.e. multiple of these
could be fired.

As for checking which was the last response action executed, you could do
something like the following:

APPSENSOR.intrusionStore().getIntrusionRecordForUser(yourUserHere).getLastResponseAction("AE8");

As for working with anonymous users, there's currently only support for
logging really. You could augment the system to do certain things based on
IP or other identifiers, but it would require you to extend our system.
This is one of the challenges I'm trying to tackle in version 2 of the
code, which I'm currently working on.

Thanks,
John


On Fri, Mar 8, 2013 at 6:21 PM, panos <panosx13 at gmail.com> wrote:

> Hello,
>
> I was wondering if there is a way to detect in my code if a detection
> point is created.
>
> For example I have the code
>
> if ( checkIntrution() )
> {
>     new AppSensorException("AE8", "Providing Only the Username ",
> "Provided Only the Username");
> }
>
> and I want in my code to check if the AE8 has been created is there any
> solution using only the Appsensor API?
>
> Alternatively I have thought of a way with a boolean variable
>
> for example
>
> boolean isCreated=false;
> if ( checkIntrution() )
> {
>     new AppSensorException("AE8", "Providing Only the Username ",
> "Provided Only the Username");
>     isCreated=true;
> }
>
> ....
>
> if( isCreated )
> {
> ....
> }
>
>
> Also I was wondering if there is a solution on detecting in which action
> is a Detection Point
>
> For example, let's say that in esapi.properties I have this:
>
> IntrusionDetector.AE8.actions=log,logout,disable
>
> is there a way to see in which action is a detection point in my source
> code ? for example I want to check if the action is in logout.
>
>
> Also if a user is not authenticated as I have seen, Appsensor treats him
> like anonymous and the only action that can be applied in an anonymous is
> log.
>
> is there a solution if I want to disable access to an anonymous?
>
> Thanks in advance
>
> Panos
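An added example, not part of the original thread and not AppSensor's own code: one way to build the "wrap the intrusion detector and attach observers" approach from the reply, in plain Java. `Detector`, `DetectionObserver` and `ObservedDetector` are hypothetical stand-ins; a real wrapper would delegate to the AppSensor intrusion detector, and the events below are constructed samples.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

public class ObservedDetectorDemo {
    // Stand-in for the wrapped intrusion detector (assumption, not AppSensor's API).
    interface Detector { void addEvent(String code, String logMessage); }

    // Callback invoked every time any detection point fires.
    interface DetectionObserver { void onDetection(String code, String logMessage); }

    // Wrapper: delegates to the real detector, then notifies observers.
    static class ObservedDetector implements Detector {
        private final Detector delegate;
        private final List<DetectionObserver> observers = new CopyOnWriteArrayList<>();

        ObservedDetector(Detector delegate) { this.delegate = delegate; }
        void addObserver(DetectionObserver o) { observers.add(o); }

        @Override public void addEvent(String code, String logMessage) {
            try {
                delegate.addEvent(code, logMessage);   // detection and response run first
            } finally {
                for (DetectionObserver o : observers) {
                    // A failing observer must not block detection or other observers.
                    try { o.onDetection(code, logMessage); }
                    catch (RuntimeException e) { System.err.println("observer failed: " + e); }
                }
            }
        }
    }

    public static void main(String[] args) {
        List<String> store = new ArrayList<>();        // stand-in for the intrusion store
        ObservedDetector detector = new ObservedDetector((code, msg) -> store.add(code));

        // Observers see every detection point, so filter on the code. The code is
        // not a unique id and can fire repeatedly, so count instead of using a flag.
        int[] ae8Count = {0};
        detector.addObserver((code, msg) -> { if ("AE8".equals(code)) ae8Count[0]++; });

        detector.addEvent("AE8", "Provided Only the Username");   // constructed events
        detector.addEvent("AE8", "Provided Only the Username");
        detector.addEvent("IE1", "constructed unrelated event");

        System.out.println("AE8 fired " + ae8Count[0] + " times; store holds " + store.size());
    }
}
```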