[Owasp-appsensor-project] appsensor dashboard design prep for appsec eu

Timo Goosen timo.goosen at owasp.org
Tue May 12 05:40:46 UTC 2015


>- who are the target audience(s) for the dashboard?
People in operations who are running infrastructure that the application is
hosted on.


>- what are the use cases that need to be handled? ops room view, attack
research, etc.
Attack research, ops rooms. Would also be nice to see appsensor used
BlueTeam vs Red Team CTF competitions , could be used by the Blue Teams.
Would be a good place to put Appsensor to the test. Would be cool to use
AppSensor to monitor an app running in a competition like this:
http://www.echothrust.com/blogs/du-selects-echothrust-solutions-its-first-hacking-competition-dubai

>- what is the "normal state" - nothing on the screen at all???
Normal traffic, no anomalies in log data.

- what is usefully displayed?
- what sort of patterns would a typical attack look like, and how would
visualisation help highlight this?
>- what drill down/view might be useful?
Would be interesting and helpful to see information especially at the
enumeration stage of an attack. Also would be interesting to see traffic
coming from blacklisted IP's.

- what do you want to be there for sure?
- what do you NOT want to be there for sure?
- sample tools/views you find helpful?
>- any UI patterns we should use / not use?
Not sure what is meant by this question. But I'd like to see us something
like Elasticsearch+Logstash+Kibana. I'm still figuring out myself how to
use this "ELK" stack which can make really nice looking dashboards like
these:
https://www.elastic.co/blog/kibana-4-for-investigating-pacs-super-pacs-and-your-neighbors
and check this link:
https://www.elastic.co/blog/kibana-4-beta-3-now-more-filtery/


I'm going to try attend both sessions.  I will be in Amsterdam. Looking
forward to meeting all of you smart people.

Regards.
Timo

On Mon, May 11, 2015 at 5:39 AM, John Melton <jtmelton at gmail.com> wrote:

> All,
>
> Colin is running a couple of sessions at appsec eu related to appsensor.
> The first is on Tuesday (5/19) for documentation updates. The second is the
> reason for this email.
>
> The actual session is Wednesday (5/20) from 13:30 - 17:00 local time
> (Amsterdam, NL). (
> https://www.owasp.org/index.php/OWASP_Project_Summit_2015/Home#13:30_.E2.80.93_17:00_AppSensor_.28Code.29_.E2.80.93_Dashboard
> )
>
> The expectation of the session is: "... [design of] a reporting dashboard.
> This session is to brainstorm ideas and layouts for the dashboard, and
> identify what tools/libraries can assist in the creation of the dashboard.
> Bring ideas, energy, URLs, paper and pens! The outputs will be dashboard
> mockups."
>
> In preparation for this meeting, we'd like to give everyone an opportunity
> for early input. Specifically, we are looking for:
>
> - who are the target audience(s) for the dashboard?
> - what are the use cases that need to be handled? ops room view, attack
> research, etc.
> - what is the "normal state" - nothing on the screen at all???
> - what is usefully displayed?
> - what sort of patterns would a typical attack look like, and how would
> visualisation help highlight this?
> - what drill down/view might be useful?
> - what do you want to be there for sure?
> - what do you NOT want to be there for sure?
> - sample tools/views you find helpful?
> - any UI patterns we should use / not use?
>
> These questions are just examples to get you thinking. ANY and ALL input
> is valuable.
>
> Let me be clear - *THIS IS YOUR CHANCE TO INFLUENCE THE UI ! *Feedback /
> input is critical at this point. This will be the main development effort
> for the next couple of months, so input now is crucial to building
> something useful.
>
> We're also considering holding a phone call this week or early next if
> people would find that useful as a way to provide input. Please let me or
> Colin know if you'd be interested in joining a call, and if there's
> interest, we'll set it up.
>
> Thanks,
> John
>
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20150512/d56cb755/attachment.html>


More information about the Owasp-appsensor-project mailing list