Difference between revisions of "OWASP AppSensor Project"
From OWASP
m (→Non code: Link to guide changes) |
John Melton (talk | contribs) m (removing dennis as project leader) |
||
(49 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
=Main= | =Main= | ||
− | <div style="width:100%;height: | + | <div style="width:100%;height:120px;border:0,margin:0;overflow: hidden;">[[File:Appsensor-header.jpg|link=]]</div> |
+ | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=OWASP_Project_Stages#tab=Flagship_Projects]]</div> | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== OWASP AppSensor == | == OWASP AppSensor == | ||
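Review bot: The inline style on both added div lines contains `border:0,margin:0;`, with a comma where a semicolon is needed, so the browser discards that declaration and neither the border nor the margin is set. Change it to `border:0;margin:0;` in the header div and in the flagship banner div.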
Line 10: | Line 11: | ||
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement [https://www.owasp.org/index.php/ApplicationLayerIntrustionDetection intrusion detection and automated response] into applications. | The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement [https://www.owasp.org/index.php/ApplicationLayerIntrustionDetection intrusion detection and automated response] into applications. | ||
− | The project offers | + | The project offers a comprehensive guide and a reference implementation. These resources can be used by architects, developers, security analyst and system administrators to plan, implement and monitor an AppSensor system. |
== Introduction == | == Introduction == | ||
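Review bot: In the rewritten sentence, "security analyst" is singular inside a list of plurals ("architects, developers, security analyst and system administrators"); it should read "security analysts".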
Line 35: | Line 36: | ||
* Norwegian University of Science and Technology in Tronheim | * Norwegian University of Science and Technology in Tronheim | ||
− | ** [ | + | ** [https://brage.bibsys.no/xmlui/handle/11250/252956 AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System], Thomassen P, 2012 |
*US Department of Homeland Security | *US Department of Homeland Security | ||
Line 53: | Line 54: | ||
© OWASP Foundation | © OWASP Foundation | ||
− | + | | style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | | |
− | | | ||
== What is AppSensor? == | == What is AppSensor? == | ||
Detect and respond to attacks from within the application. This project includes both a well documented idea (the Guide) and a reference implementation (the Code). | Detect and respond to attacks from within the application. This project includes both a well documented idea (the Guide) and a reference implementation (the Code). | ||
+ | |||
+ | |||
+ | == Intro for Developers == | ||
+ | |||
+ | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]] | ||
+ | |||
+ | [https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf Two-sided US Letter or A4] | ||
Line 65: | Line 72: | ||
[[File:Appsensor-website-small.jpg|link=http://appsensor.org/]] | [[File:Appsensor-website-small.jpg|link=http://appsensor.org/]] | ||
− | See the [http://appsensor.org/ | + | See the [http://appsensor.org/ AppSensor website] for an introduction and quick start instructions. |
− | |||
== Overview == | == Overview == | ||
− | [[File: | + | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]] |
− | + | [https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf 12-page US Letter booklet] | |
Line 82: | Line 88: | ||
== Project Leaders == | == Project Leaders == | ||
− | |||
* [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @] | * [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @] | ||
− | |||
Line 91: | Line 95: | ||
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]] | * [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]] | ||
− | + | | style="padding-left:25px;width:200px;" valign="top" | | |
− | | | ||
== Quick Download == | == Quick Download == | ||
− | * OWASP AppSensor Guide v2 | + | * OWASP AppSensor Guide v2 EN |
** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF] | ** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF] | ||
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | ** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | ||
Line 102: | Line 105: | ||
* OWASP AppSensor Reference Implementation | * OWASP AppSensor Reference Implementation | ||
** [https://github.com/jtmelton/appsensor v2 Code] | ** [https://github.com/jtmelton/appsensor v2 Code] | ||
− | |||
== News and Events == | == News and Events == | ||
+ | * [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015 | ||
+ | * [27 Jul 2015] [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc AppSensor Guide v2.0.2] published | ||
+ | * [09 Jun 2015] AppSensor Code v2.1.0 [https://github.com/jtmelton/appsensor/releases/tag/v2.1.0 released] | ||
+ | * [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code | ||
+ | * [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation | ||
+ | * [09 Apr 2015] [https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf CISO Briefing] booklet published | ||
+ | * [22 Feb 2015] Proposal for [https://www.owasp.org/index.php/GSoC2015_Ideas#OWASP_AppSensor Google Summer of Code 2015] | ||
+ | * [13 Feb 2015] [https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf Introduction for Developers] flyer published | ||
* [13 Feb 2015] AppSensor project awarded OWASP flagship status | * [13 Feb 2015] AppSensor project awarded OWASP flagship status | ||
* [28 Jan 2015] AppSensor Code v2.0.0 final [https://github.com/jtmelton/appsensor/releases/tag/v2.0.0 released] | * [28 Jan 2015] AppSensor Code v2.0.0 final [https://github.com/jtmelton/appsensor/releases/tag/v2.0.0 released] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Code Repository == | == Code Repository == | ||
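Review bot: The added News and Events entries include the v2.1.0 release but have no entry for v2.2.0, which this same revision records elsewhere as released in September 2015; add a matching item so the list agrees with the code section. The 27 Jul 2015 entry is labelled "AppSensor Guide v2.0.2" but links to the DOC file rather than the PDF, which is worth confirming as the intended target.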
Line 124: | Line 127: | ||
[[File:AppSensor2_small.jpg|link=]] | [[File:AppSensor2_small.jpg|link=]] | ||
− | The AppSensor Guide | + | The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-22290600.html AppSensor Guide] and [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html CISO Briefing] can be purchased at cost as print on demand books. |
− | |||
==Classifications== | ==Classifications== | ||
− | {| | + | {| cellpadding="2" width="200" |
|- | |- | ||
− | | | + | | rowspan="2" align="center" width="50%" valign="top" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] |
− | | align="center" | + | | align="center" width="50%" valign="top" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
− | | align="center" | + | | align="center" width="50%" valign="top" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]] |
|} | |} | ||
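Review bot: The new print-on-demand link for the AppSensor Guide points at Lulu product-22290600, while the unchanged "Print on demand at cost hard copy" link in the AppSensor Guide section of the Media tab still points at product-21608107. Confirm which listing is current and use the same URL in both places.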
Line 153: | Line 155: | ||
{| cellpadding="2" | {| cellpadding="2" | ||
|- | |- | ||
− | | | + | | align="left" width="200" valign="top" | |
*Josh Amishav-Zlatin | *Josh Amishav-Zlatin | ||
Line 162: | Line 164: | ||
*Luke Briner | *Luke Briner | ||
*Rauf Butt | *Rauf Butt | ||
+ | *Juan C Calderon | ||
*Fabio Cerullo | *Fabio Cerullo | ||
*Marc Chisinevski | *Marc Chisinevski | ||
Line 167: | Line 170: | ||
*Michael Coates | *Michael Coates | ||
*Dinis Cruz | *Dinis Cruz | ||
+ | *Sumanth Damaria | ||
*August Detlefsen | *August Detlefsen | ||
*Ryan Dewhurst | *Ryan Dewhurst | ||
+ | *Sean Fay | ||
− | | | + | | align="left" width="200" valign="top" | |
− | * | + | *Timo Goosen |
*Dennis Groves | *Dennis Groves | ||
*Randy Janida | *Randy Janida | ||
Line 186: | Line 191: | ||
*Sherif Mansour Farag | *Sherif Mansour Farag | ||
*John Melton | *John Melton | ||
+ | *Mark Miller | ||
+ | * Rich Mogull | ||
+ | *Craig Munson | ||
− | | | + | | align="left" width="200" valign="top" | |
− | * | + | *Louis Nadeau |
*Giri Nambari | *Giri Nambari | ||
− | |||
*Erlend Oftedal | *Erlend Oftedal | ||
*Jay Reynolds | *Jay Reynolds | ||
Line 198: | Line 205: | ||
*Eric Sheridan | *Eric Sheridan | ||
*John Steven | *John Steven | ||
+ | *Raphael Taban | ||
*Alex Thissen | *Alex Thissen | ||
*Don Thomas | *Don Thomas | ||
*Christopher Tidball | *Christopher Tidball | ||
+ | *Stephen de Vries | ||
*Kevin W Wall | *Kevin W Wall | ||
*Colin Watson | *Colin Watson | ||
Line 209: | Line 218: | ||
==OWASP Summer of Code 2008== | ==OWASP Summer of Code 2008== | ||
The AppSensor Project was initially supported by the [https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008], leading to the publication of the book AppSensor v1.1. | The AppSensor Project was initially supported by the [https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008], leading to the publication of the book AppSensor v1.1. | ||
− | |||
==Google Summer of Code 2012== | ==Google Summer of Code 2012== | ||
Additional development work on [http://www.google-melange.com/gsoc/project/google/gsoc2012/edil/60002 SOAP web services] was kindly supported by the [http://www.google-melange.com/gsoc/program/home/google/gsoc2012 Google Summer of Code 2012]. | Additional development work on [http://www.google-melange.com/gsoc/project/google/gsoc2012/edil/60002 SOAP web services] was kindly supported by the [http://www.google-melange.com/gsoc/program/home/google/gsoc2012 Google Summer of Code 2012]. | ||
− | + | ==OWASP Code Sprint 2015== | |
+ | Development work was also supported by the [https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015]. | ||
== Other Acknowledgements == | == Other Acknowledgements == | ||
Line 239: | Line 248: | ||
The current code being worked on is located on [https://github.com/jtmelton/appsensor GitHub] | The current code being worked on is located on [https://github.com/jtmelton/appsensor GitHub] | ||
− | The code has been fully rewritten. v2.0.0 final was released in late January 2015. | + | The code has been fully rewritten. |
+ | v2.0.0 final was released in late January 2015. | ||
+ | v2.1.0 final was released in June 2015. | ||
+ | v2.2.0 final was released in September 2015 | ||
The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014]. | The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014]. | ||
if you want to work on ANYTHING, please let jtmelton[@]gmail.com know. | if you want to work on ANYTHING, please let jtmelton[@]gmail.com know. | ||
− | |||
== Code Roadmap == | == Code Roadmap == | ||
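Review bot: The three added release lines (v2.0.0, v2.1.0, v2.2.0) sit on consecutive lines with no blank line between them, so MediaWiki will join them with "The code has been fully rewritten." into one run-on paragraph. Make them a bullet list or separate them with blank lines, and add the missing full stop after "September 2015".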
Line 258: | Line 269: | ||
* <strike>Finish up user documentation at appsensor.org</strike> -> DONE | * <strike>Finish up user documentation at appsensor.org</strike> -> DONE | ||
− | === | + | === June 2015 (2.1) === |
− | * | + | * <strike>Add at least 1 attack emitter for DEVOPS visualization (JMX -> SNMP, syslog, SNMP, .. something)</strike> ([https://github.com/jtmelton/appsensor/issues/19 github issue]) -> DONE |
− | + | * <strike>Sample application / demo</strike> ([https://github.com/jtmelton/appsensor/issues/9 github issue]) -> DONE | |
− | + | * <strike>Finish up developer documentation on github and appsensor.org</strike> ([https://github.com/jtmelton/appsensor/issues/12 github issue]) -> DONE | |
− | + | * <strike>Preparation for GSOC 2015 submission</strike> -> DONE - see [[GSoC2015_Ideas]] - Update - OWASP not selected | |
− | * | ||
− | * Finish up developer documentation on github and appsensor.org ([https://github.com/jtmelton/appsensor/issues/12 github issue]) | ||
− | * | ||
=== September 2015 (2.2) === | === September 2015 (2.2) === | ||
− | * | + | * <strike>First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here])</strike> -> DONE |
+ | |||
+ | === January 2016 (2.3) === | ||
+ | * <strike>Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue])</strike> -> DONE | ||
+ | * Video demo of setting up appsensor (screen capture) (related to sample apps) | ||
* New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue]) | * New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue]) | ||
* AOP examples of detection point implementations | * AOP examples of detection point implementations | ||
− | |||
− | |||
− | === | + | === May 2016 (2.4) === |
− | * Trend monitoring implementation ( | + | * Trend monitoring implementation ([https://github.com/jtmelton/appsensor/issues/6 github issue]) |
* Additional integrations for reporting (graphite, ganglia -> see list supported by codahale metrics) | * Additional integrations for reporting (graphite, ganglia -> see list supported by codahale metrics) | ||
== Past activities == | == Past activities == | ||
+ | |||
+ | '''September 2015''' Final release v2.2.0 code | ||
+ | |||
+ | '''June 2015''' Final release v2.1.0 code | ||
+ | |||
+ | '''April 2015''' CISO Briefing booklet published | ||
+ | |||
+ | '''February 2015''' Introduction for Developers flyer published | ||
+ | |||
+ | '''January 2015''' Final release v2.0.0 code | ||
'''May 2014''' Finalisation and publication of the AppSensor Guide v2.0 | '''May 2014''' Finalisation and publication of the AppSensor Guide v2.0 | ||
Line 465: | Line 485: | ||
= Media = | = Media = | ||
+ | |||
+ | == Introductory Briefings == | ||
+ | |||
+ | {| | ||
+ | | align="center" valign="top" | Developers | ||
+ | | | ||
+ | | align="center" valign="top" | Architects | ||
+ | | | ||
+ | | align="center" valign="top" | CISOs | ||
+ | |- | ||
+ | | align="left" width="200" valign="top" | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]] | ||
+ | | width="20" | | ||
+ | | align="left" width="200" valign="top" | [[File:Appsensor_crosstalk_small.jpg|link=http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf]] | ||
+ | | width="20" | | ||
+ | | align="center" width="200" valign="top" | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]] | ||
+ | |} | ||
+ | |||
+ | The CISO briefing is also available to [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html buy at cost in print]. | ||
== AppSensor Website == | == AppSensor Website == | ||
Line 470: | Line 508: | ||
[[File:Appsensor-website-large.jpg|link=http://appsensor.org/]] | [[File:Appsensor-website-large.jpg|link=http://appsensor.org/]] | ||
− | + | http://appsensor.org/ | |
Line 477: | Line 515: | ||
*v2 [https://github.com/jtmelton/appsensor Github Code] | *v2 [https://github.com/jtmelton/appsensor Github Code] | ||
* (LEGACY) v1 [http://code.google.com/p/appsensor/ Google Code] | * (LEGACY) v1 [http://code.google.com/p/appsensor/ Google Code] | ||
− | |||
== AppSensor Guide == | == AppSensor Guide == | ||
Line 486: | Line 523: | ||
*** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | *** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | ||
*** [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-21608107.html Print on demand at cost hard copy] | *** [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-21608107.html Print on demand at cost hard copy] | ||
− | |||
** v1.1 EN | ** v1.1 EN | ||
*** [https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF] | *** [https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF] | ||
*** [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc DOC] | *** [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc DOC] | ||
− | |||
== Presentations == | == Presentations == | ||
Line 504: | Line 539: | ||
November, 2009 - AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications] | November, 2009 - AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications] | ||
− | May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51 ] | + | May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51] |
May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers] | May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers] | ||
November, 2008 - [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt OWASP Summit Portugal 2008 PPT] | November, 2008 - [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt OWASP Summit Portugal 2008 PPT] | ||
− | |||
==Video Demos of AppSensor== | ==Video Demos of AppSensor== | ||
− | |||
[http://www.youtube.com/watch?v=8ItfuwvLxRk Detecting Multiple Attacks & Logging Out Attacker] | [http://www.youtube.com/watch?v=8ItfuwvLxRk Detecting Multiple Attacks & Logging Out Attacker] | ||
Line 522: | Line 555: | ||
[http://www.youtube.com/watch?v=1D6nTlmYjhY Detecting Verb Tampering] | [http://www.youtube.com/watch?v=1D6nTlmYjhY Detecting Verb Tampering] | ||
+ | ==Source Documents / Artwork== | ||
+ | |||
+ | * Guide | ||
+ | ** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc Word (content only)], DOC 11Mb | ||
+ | ** [https://4ed64fe7f7e3f627b8d0-bc104063a9fe564c2d8a75b1e218477a.ssl.cf2.rackcdn.com/appsensor-guide-2v0-owasp.zip Word, images, Lulu covers, diagrams], ZIP 96Mb | ||
+ | * Introduction for Developers | ||
+ | ** [https://www.owasp.org/index.php/File:Appsensor-intro-for-developers-a4.zip A4 Illustrator and PDF exports], ZIP 19Mb | ||
+ | ** [https://www.owasp.org/index.php/File:Appsensor-intro-for-developers-usletter.zip US letter Illustrator and PDF exports], ZIP 19Mb | ||
+ | * Poster | ||
+ | ** [https://www.owasp.org/index.php/File:Owasp-appsensor-poster-a1.zip A1 Illustrator and PDF export] ZIP, 18Mb | ||
= Project About = | = Project About = | ||
{{:Projects/OWASP_AppSensor_Project | Project About}} | {{:Projects/OWASP_AppSensor_Project | Project About}} | ||
+ | <nowiki>}} </nowiki> | ||
− | + | __NOTOC__ <headertabs></headertabs> | |
− | |||
− | __NOTOC__ <headertabs /> | ||
− | [[Category: | + | [[Category:OWASP Project|AppSensor Project]] |
+ | [[Category:OWASP Project]] | ||
+ | [[Category:OWASP_Builders]] | ||
+ | [[Category:OWASP_Defenders]] | ||
+ | [[Category:OWASP_Document]] | ||
+ | [[Category:OWASP_Download]] | ||
+ | [[Category:SAMM-EH-3]] | ||
+ | [[Category:SAMM-SA-2]] | ||
+ | [[Category:SAMM-VM-3]] |
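Review bot: The category block assigns the same category twice, as `[[Category:OWASP Project|AppSensor Project]]` and then as a bare `[[Category:OWASP Project]]`; drop the second one. The added `<nowiki>}} </nowiki>` line will render a literal "}}" on the page and looks like a leftover from an unbalanced template call, so it should be removed or the transclusion above it corrected.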
Latest revision as of 20:45, 1 May 2018