[Owasp-appsensor-project] how to detect if a detection point is created and some other questions

panos panosx13 at gmail.com
Mon Mar 11 01:14:17 UTC 2013


Yes, a random username isn't such a good idea; actually it is a very bad
idea. I thought of getting the IP and giving it as the username, for
example "Ano192.168.1.1". I think that something like this will work. I'll
try it.

Thanks,
Panos



On 03/11/2013 02:27 AM, John Melton wrote:
> This concept doesn't really make sense to me, but I suppose it could 
> work. The important piece is having some way of ensuring the same 
> "user" is assigned to Bob every time. If it's all in one session, 
> that's probably not an issue, but on repeated visits, you'd need some 
> method of correlation, like the IP address I mentioned earlier or some 
> other mechanism. The other issue with using a random username is that 
> you don't really know what that represents. You should try to use 
> something identifiable.
>
> Thanks,
> John
>
>
> On Sun, Mar 10, 2013 at 6:58 PM, panos <panosx13 at gmail.com 
> <mailto:panosx13 at gmail.com>> wrote:
>
>     Actually I want to block malicious users, who are trying, for
>     example, to brute-force the login.
>
>     I thought of something and I would like to ask you to advise me.
>
>     When a user visits the login page, is it possible to create an
>     AppSensor user without the user who visits the login page doing
>     anything or knowing about it?
>
>     For example, if I visit a page, a random username is picked and
>     an AppSensor user, let's say bob, is created.
>
>     So the user that visits the login page is not anonymous but bob.
>     So I think that AppSensor can disable the access?
>
>     My question now: do you think that a scenario like this can work
>     and help me disable access to anonymous users?
>
>
>     On 03/09/2013 03:53 AM, John Melton wrote:
>>     Panos,
>>     Great questions.
>>
>>     There is no mechanism for checking if a detection point has been
>>     triggered. Depending on your needs, you could do it via the
>>     boolean setting you mentioned or possibly by wrapping the
>>     intrusion detector with your own custom class and attaching
>>     observers for notification if you wanted that feature. Note
>>     however that this only informs you that a detection point has
>>     been triggered. You'd have to determine the detection point by
>>     examining the "code", ie AE8. Also note this is not a GUID, ie.
>>     multiple of these could be fired.
>>
>>     As for checking which was the last response action executed, you
>>     could do something like the following:
>>
>>     APPSENSOR.intrusionStore().getIntrusionRecordForUser(yourUserHere).getLastResponseAction("AE8");
>>
>>     As for working with anonymous users, there's currently only
>>     support for logging really. You could augment the system to do
>>     certain things based on IP or other identifiers, but it would
>>     require you to extend our system. This is one of the challenges
>>     I'm trying to tackle in version 2 of the code, which I'm
>>     currently working on.
>>
>>     Thanks,
>>     John
>>
>>
>>     On Fri, Mar 8, 2013 at 6:21 PM, panos <panosx13 at gmail.com
>>     <mailto:panosx13 at gmail.com>> wrote:
>>
>>         Hello,
>>
>>         I was wondering if there is a way to detect in my code if a
>>         detection point is created.
>>
>>         For example I have the code
>>
>>         if ( checkIntrusion() )
>>         {
>>             // constructing the exception reports the AE8 event
>>             // (it is not thrown here)
>>             new AppSensorException("AE8", "Providing Only the Username",
>>                                    "Provided Only the Username");
>>         }
>>
>>         and I want to check in my code whether AE8 has been created. Is
>>         there any solution using only the AppSensor API?
>>
>>         Alternatively, I have thought of a way with a boolean variable,
>>
>>         for example
>>
>>         boolean isCreated = false;
>>         if ( checkIntrusion() )
>>         {
>>             // constructing the exception reports the AE8 event
>>             new AppSensorException("AE8", "Providing Only the Username",
>>                                    "Provided Only the Username");
>>             isCreated = true;   // remember that AE8 fired in this request
>>         }
>>
>>         ....
>>
>>         if ( isCreated )
>>         {
>>             ....   // react to the AE8 event here
>>         }
>>
>>
>>         Also, I was wondering if there is a solution for detecting which
>>         action a detection point is at.
>>
>>         For example, let's say that in esapi.properties I have this:
>>
>>         IntrusionDetector.AE8.actions=log,logout,disable
>>
>>         Is there a way to see in my source code which action a detection
>>         point is at? For example, I want to check if the action is at
>>         logout.
>>
>>
>>         Also, if a user is not authenticated, as I have seen, AppSensor
>>         treats him as anonymous and the only action that can be applied
>>         to an anonymous user is log.
>>
>>         Is there a solution if I want to disable access to an anonymous user?
>>
>>         Thanks in advance
>>
>>         Panos
>>         _______________________________________________
>>         Owasp-appsensor-project mailing list
>>         Owasp-appsensor-project at lists.owasp.org
>>         <mailto:Owasp-appsensor-project at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>>
>>
>
>

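The thread turns on two points: an anonymous visitor only gets a response beyond "log" if the events can be correlated back to the same "user", and the action executed for a detection point is looked up per user and per code (the getLastResponseAction("AE8") call John mentions). The following stand-alone model illustrates both; it is an added example, not AppSensor or ESAPI code. The IP-derived pseudo-user follows the "Ano192.168.1.1" scheme proposed above. Everything else is assumed for illustration: the function and class names (user_for_request, IntrusionStore, add_event, last_response_action, is_disabled, simulate), the .count and .interval property names alongside the .actions line quoted in the thread, and the escalation semantics (each time the threshold is crossed, the next action in the list is taken).

```python
# Added example, not AppSensor/ESAPI code: a stand-alone model of the
# per-user intrusion bookkeeping discussed in the thread.
from collections import defaultdict, deque
import ipaddress

# Constructed properties in the shape of the esapi.properties line quoted in
# the thread. Only the .actions key appears on the page; .count and .interval
# are assumed names for the threshold and the time window (seconds).
PROPERTIES = {
    "IntrusionDetector.AE8.count": "3",
    "IntrusionDetector.AE8.interval": "10",
    "IntrusionDetector.AE8.actions": "log,logout,disable",
}


def user_for_request(session_user, remote_addr):
    """Stable identity for event correlation.

    Authenticated users keep their account name. Anonymous visitors get a
    deterministic pseudo-user derived from the client IP ("Ano<ip>"), so
    repeated requests from the same client land on the same record. A
    random name per visit would never accumulate past one event and could
    not be disabled meaningfully.
    """
    if session_user:
        return session_user
    ip = ipaddress.ip_address(remote_addr)      # raises ValueError on garbage
    return "Ano" + ip.compressed


class IntrusionStore:
    """Tracks detection-point events per (user, code) and escalates responses.

    Escalation is an assumption of this model: each time count events fall
    within interval seconds, the next action in the configured list runs
    and the window is reset; once the list is exhausted the last action
    (disable) repeats.
    """

    def __init__(self, properties):
        self._props = properties
        self._events = defaultdict(deque)        # (user, code) -> timestamps
        self._escalations = defaultdict(int)     # (user, code) -> thresholds crossed
        self._last_action = {}                   # (user, code) -> action string

    def _cfg(self, code, key):
        return self._props["IntrusionDetector.%s.%s" % (code, key)]

    def add_event(self, user, code, now):
        """Record one hit; return the action taken on this call, else None."""
        count = int(self._cfg(code, "count"))
        interval = float(self._cfg(code, "interval"))
        window = self._events[(user, code)]
        window.append(now)
        while window and now - window[0] > interval:   # drop stale events
            window.popleft()
        if len(window) < count:
            return None
        window.clear()                                  # threshold crossed
        actions = [a.strip() for a in self._cfg(code, "actions").split(",")]
        idx = min(self._escalations[(user, code)], len(actions) - 1)
        self._escalations[(user, code)] += 1
        self._last_action[(user, code)] = actions[idx]
        return actions[idx]

    def last_response_action(self, user, code):
        """Most recent action executed for this user and detection point."""
        return self._last_action.get((user, code))

    def is_disabled(self, user):
        """True once any detection point has reached the disable action."""
        return any(a == "disable" for (u, _), a in self._last_action.items()
                   if u == user)


def simulate():
    """Constructed scenario: one anonymous client trips AE8 nine times in
    quick succession; a second client from another IP trips it once."""
    store = IntrusionStore(PROPERTIES)
    attacker = user_for_request(None, "192.168.1.1")
    bystander = user_for_request(None, "192.168.1.2")
    taken = [store.add_event(attacker, "AE8", now=float(t)) for t in range(9)]
    store.add_event(bystander, "AE8", now=9.0)
    return attacker, taken, store


if __name__ == "__main__":
    who, taken, store = simulate()
    print(who, taken)
    print("last action:", store.last_response_action(who, "AE8"))
    print("disabled:", store.is_disabled(who))
```

In the scenario, the attacker record receives log on the third hit, logout on the sixth and disable on the ninth, while the second IP never crosses the threshold. One caveat when keying on the address: the value must come from the TCP peer (or a proxy header you actually trust), since X-Forwarded-For is attacker-controlled, and disabling "Ano<ip>" locks out every client behind the same NAT or proxy, so a disable response on an IP-derived user should be time-limited rather than permanent.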