[Esapi-user] IntrusionException and IntrusionDetector
jeff.williams at aspectsecurity.com
Thu Jun 23 10:52:45 EDT 2011
The IntrusionDetector actually watches all SecurityExceptions
(AuthenticationException, ValidationException, EncryptionException,
etc...) and looks for patterns. Currently the implementation is pretty
simple. You can configure a threshold into SecurityConfiguration for
different types of exceptions. For example, if you exceed 5
ValidationExceptions in a 10 second window, it identifies this as an
attack and throws an Intrusion Exception.
Michael Coates has done a lot of work building on this basic idea in the
OWASP AppSensor project.
From: esapi-user-bounces at lists.owasp.org
[mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of weiping guo
Sent: Thursday, June 23, 2011 10:35 AM
To: esapi-user at lists.owasp.org
Subject: [Esapi-user] IntrusionException and IntrusionDetector
I need some help on understanding Intrusion detection. The Validator
interface throws IntrusionException. The JavaDoc says "input that is
clearly an attack will generate a descriptive IntrusionException." My
question is how the intrusion is detected? what 'clearly' means in here?
Any sceneraio is appreciated.
Suppose, an intrusion is detected. I assume the ESAPI.IntrusionDetector
(org.owasp.esapi.reference.DefaultIntrusionDetector, for example)defined
in the config file will be notified. Can I assume the IntrusionDetector
will be invoked automatically whenever IntrusionException is thrown? How
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user