[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions

panos panosx13 at gmail.com
Sun Mar 10 22:58:32 UTC 2013


Actually I want to blog malicious users, who are trying for example 
bruteforcing the login.

I thought something and I would like to ask you to advice me.

If in the login page when a user visits it, is it possible to create an 
Appsensor user without the users who visits the login page do nothing 
and knows about it?

For example if I visit a page a random username is picked up and an 
Appsensor user lets say bob is created.

So the user that visits the login page is not anonymous but bob. So I 
think that Appsensor can disable the access ?

My questions mow:  Do you think that a scenario like this can work and 
help me disabling access to anonymous?







On 03/09/2013 03:53 AM, John Melton wrote:
> Panos,
> Great questions.
>
> There is no mechanism for checking if a detection point has been 
> triggered. Depending on your needs, you could do it via the boolean 
> setting you mentioned or possibly by wrapping the intrusion detector 
> with your own custom class and attaching observers for notification if 
> you wanted that feature. Note however that this only informs you that 
> a detection point has been triggered. You'd have to determine the 
> detection point by examining the "code", ie AE8. Also note this is not 
> a GUID, ie. multiple of these could be fired.
>
> As for checking which was the last response action executed, you could 
> do something like the following:
>
> APPSENSOR.intrusionStore().getIntrusionRecordForUser(yourUserHere).getLastResponseAction("AE8");
>
> As for working with anonymous users, there's currently only support 
> for logging really. You could augment the system to do certain things 
> based on IP or other identifiers, but it would require you to extend 
> our system. This is one of the challenges I'm trying to tackle in 
> version 2 of the code, which I'm currently working on.
>
> Thanks,
> John
>
>
> On Fri, Mar 8, 2013 at 6:21 PM, panos <panosx13 at gmail.com 
> <mailto:panosx13 at gmail.com>> wrote:
>
>     Hello,
>
>     I was wondering if there is a way to detect in my code if a
>     detection point is created.
>
>     For example i have the code
>
>     if ( checkIntrution() )
>     {
>         new AppSensorException("AE8", "Providing Only the Username ",
>     "Provided Only the Username");
>     }
>
>     and I want in my code to check if the AE8 has been created is
>     there any solution using only the Appsensor API?
>
>     alternatively I have thought I way with a boolean variable
>
>     for example
>
>     boolean isCreated=false;
>     if ( checkIntrution() )
>     {
>         new AppSensorException("AE8", "Providing Only the Username ",
>     "Provided Only the Username");
>         isCreated=true;
>     }
>
>     ....
>
>     if( isCreated )
>     {
>     ....
>     }
>
>
>     Also I was wondering if there is a solution on detecting in which
>     action is a Detection Point
>
>     for example lets say that in esapi.properties I have this:
>
>     IntrusionDetector.AE8.actions=log,logout,disable
>
>     is there a way to see in which action is a detection point in my
>     source code ? for example I want to check if the action is in logout.
>
>
>     Also if a user in not authenticated as I have seen, Appsensor
>     treats him like anonymous and the only action that can be applied
>     in an anonymous is log.
>
>     is there a solution if I want to disable access to an anonymous?
>
>     Thanks in advance
>
>     Panos
>     _______________________________________________
>     Owasp-appsensor-project mailing list
>     Owasp-appsensor-project at lists.owasp.org
>     <mailto:Owasp-appsensor-project at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20130311/60a01b94/attachment.html>


More information about the Owasp-appsensor-project mailing list