[Esapi-user] IntrusionException and IntrusionDetector

Jeff Williams jeff.williams at aspectsecurity.com
Thu Jun 23 10:52:45 EDT 2011

The IntrusionDetector actually watches all SecurityExceptions
(AuthenticationException, ValidationException, EncryptionException,
etc...) and looks for patterns.  Currently the implementation is pretty
simple.  You can configure a threshold into SecurityConfiguration for
different types of exceptions.  For example, if you exceed 5
ValidationExceptions in a 10 second window, it identifies this as an
attack and throws an Intrusion Exception.


Michael Coates has done a lot of work building on this basic idea in the
OWASP AppSensor project.





From: esapi-user-bounces at lists.owasp.org
[mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of weiping guo
Sent: Thursday, June 23, 2011 10:35 AM
To: esapi-user at lists.owasp.org
Subject: [Esapi-user] IntrusionException and IntrusionDetector




I need some help understanding intrusion detection. The Validator
interface throws IntrusionException. The JavaDoc says "input that is
clearly an attack will generate a descriptive IntrusionException." My
question is: how is the intrusion detected? What does 'clearly' mean here?
Any scenario is appreciated.


Suppose an intrusion is detected. I assume the ESAPI.IntrusionDetector
(org.owasp.esapi.reference.DefaultIntrusionDetector, for example) defined
in the config file will be notified. Can I assume the IntrusionDetector
will be invoked automatically whenever IntrusionException is thrown? How
does it work?


Thank you.
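
The threshold rule described in the reply above (more than 5 ValidationExceptions inside a 10-second window counts as an attack), as an added Java example that is not part of either message and is not ESAPI's DefaultIntrusionDetector. The class and method names are hypothetical, and tracking events per user and resetting the counter after it fires are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

// Added illustration of a per-type exception threshold; all names are hypothetical.
public class ThresholdDetectorDemo {
    /** Allowed number of events of one type inside a sliding window. */
    record Threshold(int count, long windowMillis) {}
    static class ThresholdExceeded extends RuntimeException { ThresholdExceeded(String m) { super(m); } }

    private final Map<String, Threshold> thresholds = new HashMap<>();
    // Key "user|exceptionType" -> timestamps of that user's recent events (assumed per-user tracking).
    private final Map<String, Deque<Long>> recent = new HashMap<>();

    void configure(String exceptionType, int count, long windowMillis) {
        thresholds.put(exceptionType, new Threshold(count, windowMillis));
    }

    /** Report one security exception; throws once the configured threshold is exceeded. */
    synchronized void report(String user, String exceptionType, long nowMillis) {
        Threshold t = thresholds.get(exceptionType);
        if (t == null) return; // no threshold configured for this exception type
        Deque<Long> times =
            recent.computeIfAbsent(user + "|" + exceptionType, k -> new ArrayDeque<>());
        times.addLast(nowMillis);
        // Drop events that have aged out of the sliding window.
        while (!times.isEmpty() && nowMillis - times.peekFirst() > t.windowMillis()) {
            times.removeFirst();
        }
        if (times.size() > t.count()) {
            times.clear(); // reset so the next burst is counted afresh
            throw new ThresholdExceeded(user + " exceeded " + t.count() + " "
                + exceptionType + " events in " + t.windowMillis() + " ms");
        }
    }

    public static void main(String[] args) {
        ThresholdDetectorDemo d = new ThresholdDetectorDemo();
        d.configure("ValidationException", 5, 10_000); // 5 events per 10 s, as in the reply
        for (int i = 1; i <= 6; i++) { // constructed input: one event per second
            try {
                d.report("alice", "ValidationException", i * 1000L);
                System.out.println("event " + i + ": below threshold");
            } catch (ThresholdExceeded e) {
                System.out.println("event " + i + ": " + e.getMessage());
            }
        }
    }
}
```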



