[Owasp-appsensor-project] appsensor dashboard design prep for appseceu

John Melton jtmelton at gmail.com
Mon May 11 15:56:43 UTC 2015


Thanks for the good feedback. All of these will be added to the list.

I just wanted to briefly comment on your last point. The idea of appsensor
has been to have the "responses" be automatically generated, but your
comment implies a manual override, or at least response termination. This
is an area that will include some work in the backend as well as the UI. I
think it's valuable, but it wasn't originally designed in, so we'll have to
add support for that functionality while we're exposing a UI to use it.
Great idea!


On Mon, May 11, 2015 at 2:41 AM, <erlend at oftedal.no> wrote:

> I would like to see:
> An overall status (could be a gauge or speedometer or whatever) showing
> the current amount of sensor activity.
> The ability to click any sensor current and see historic activity (charts)
> The ability to click an ip or session and see events (sensors triggered,
> actions taken etc.)
> Geographic IP info.
> Not sure if this is within scope, but list currently blocked ips. Ability
> to block/unblock and whitelist (while running pentests) IPs.
> Erlend Oftedal
> @webtonull / @eoftedal
> ------------------------------
> Fra: John Melton <jtmelton at gmail.com>
> Sendt: ‎11.‎05.‎2015 05:42
> Til: owasp-appsensor-project <owasp-appsensor-project at lists.owasp.org>
> Emne: [Owasp-appsensor-project] appsensor dashboard design prep for
> appseceu
> All,
> Colin is running a couple of sessions at appsec eu related to appsensor.
> The first is on Tuesday (5/19) for documentation updates. The second is the
> reason for this email.
> The actual session is Wednesday (5/20) from 13:30 - 17:00 local time
> (Amsterdam, NL). (
> https://www.owasp.org/index.php/OWASP_Project_Summit_2015/Home#13:30_.E2.80.93_17:00_AppSensor_.28Code.29_.E2.80.93_Dashboard
> )
> The expectation of the session is: "... [design of] a reporting dashboard.
> This session is to brainstorm ideas and layouts for the dashboard, and
> identify what tools/libraries can assist in the creation of the dashboard.
> Bring ideas, energy, URLs, paper and pens! The outputs will be dashboard
> mockups."
> In preparation for this meeting, we'd like to give everyone an opportunity
> for early input. Specifically, we are looking for:
> - who are the target audience(s) for the dashboard?
> - what are the use cases that need to be handled? ops room view, attack
> research, etc.
> - what is the "normal state" - nothing on the screen at all???
> - what is usefully displayed?
> - what sort of patterns would a typical attack look like, and how would
> visualisation help highlight this?
> - what drill down/view might be useful?
> - what do you want to be there for sure?
> - what do you NOT want to be there for sure?
> - sample tools/views you find helpful?
> - any UI patterns we should use / not use?
> These questions are just examples to get you thinking. ANY and ALL input
> is valuable.
> Let me be clear - *THIS IS YOUR CHANCE TO INFLUENCE THE UI ! *Feedback /
> input is critical at this point. This will be the main development effort
> for the next couple of months, so input now is crucial to building
> something useful.
> We're also considering holding a phone call this week or early next if
> people would find that useful as a way to provide input. Please let me or
> Colin know if you'd be interested in joining a call, and if there's
> interest, we'll set it up.
> Thanks,
> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20150511/2e082cc6/attachment.html>

More information about the Owasp-appsensor-project mailing list