[Esapi-user] IntrusionException and IntrusionDetector

Jeff Williams jeff.williams at aspectsecurity.com
Thu Jun 23 10:52:45 EDT 2011


The IntrusionDetector actually watches all SecurityExceptions
(AuthenticationException, ValidationException, EncryptionException,
etc...) and looks for patterns.  Currently the implementation is pretty
simple.  You can configure a threshold into SecurityConfiguration for
different types of exceptions.  For example, if you exceed 5
ValidationExceptions in a 10 second window, it identifies this as an
attack and throws an Intrusion Exception.

 

Michael Coates has done a lot of work building on this basic idea in the
OWASP AppSensor project.

 

--Jeff

 

 

From: esapi-user-bounces at lists.owasp.org
[mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of weiping guo
Sent: Thursday, June 23, 2011 10:35 AM
To: esapi-user at lists.owasp.org
Subject: [Esapi-user] IntrusionException and IntrusionDetector

 

Hi,

 

I need some help on understanding Intrusion detection. The Validator
interface throws IntrusionException. The JavaDoc says "input that is
clearly an attack will generate a descriptive IntrusionException." My
question is how the intrusion is detected? what 'clearly' means in here?
Any sceneraio is appreciated.

 

Suppose, an intrusion is detected. I assume the ESAPI.IntrusionDetector
(org.owasp.esapi.reference.DefaultIntrusionDetector, for example)defined
in the config file will be notified. Can I assume the IntrusionDetector
will be invoked automatically whenever IntrusionException is thrown? How
it works?

 

Thank you.

 

Jim 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110623/74e96e18/attachment.html 


More information about the Esapi-user mailing list