This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSensor Project"
From OWASP
m (→OWASP Summer of Code 2008) |
John Melton (talk | contribs) m (removing dennis as project leader) |
||
(9 intermediate revisions by 4 users not shown) | |||
Line 5: | Line 5: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== OWASP AppSensor == | == OWASP AppSensor == | ||
Line 36: | Line 36: | ||
* Norwegian University of Science and Technology in Tronheim | * Norwegian University of Science and Technology in Tronheim | ||
− | ** [ | + | ** [https://brage.bibsys.no/xmlui/handle/11250/252956 AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System], Thomassen P, 2012 |
*US Department of Homeland Security | *US Department of Homeland Security | ||
Line 54: | Line 54: | ||
© OWASP Foundation | © OWASP Foundation | ||
− | + | | style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | | |
− | | | ||
== What is AppSensor? == | == What is AppSensor? == | ||
Line 89: | Line 88: | ||
== Project Leaders == | == Project Leaders == | ||
− | |||
* [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @] | * [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @] | ||
− | |||
Line 98: | Line 95: | ||
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]] | * [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]] | ||
− | + | | style="padding-left:25px;width:200px;" valign="top" | | |
− | | | ||
== Quick Download == | == Quick Download == | ||
− | * OWASP AppSensor Guide v2 | + | * OWASP AppSensor Guide v2 EN |
** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF] | ** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF] | ||
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | ** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC] | ||
Line 109: | Line 105: | ||
* OWASP AppSensor Reference Implementation | * OWASP AppSensor Reference Implementation | ||
** [https://github.com/jtmelton/appsensor v2 Code] | ** [https://github.com/jtmelton/appsensor v2 Code] | ||
− | |||
== News and Events == | == News and Events == | ||
* [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015 | * [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015 | ||
− | * [ | + | * [27 Jul 2015] [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc AppSensor Guide v2.0.2] published |
+ | * [09 Jun 2015] AppSensor Code v2.1.0 [https://github.com/jtmelton/appsensor/releases/tag/v2.1.0 released] | ||
* [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code | * [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code | ||
* [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation | * [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation | ||
Line 131: | Line 127: | ||
[[File:AppSensor2_small.jpg|link=]] | [[File:AppSensor2_small.jpg|link=]] | ||
− | The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product- | + | The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-22290600.html AppSensor Guide] and [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html CISO Briefing] can be purchased at cost as print on demand books. |
==Classifications== | ==Classifications== | ||
− | {| | + | {| cellpadding="2" width="200" |
|- | |- | ||
− | | | + | | rowspan="2" align="center" width="50%" valign="top" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] |
− | | align="center" | + | | align="center" width="50%" valign="top" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
− | | align="center" | + | | align="center" width="50%" valign="top" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]] |
|} | |} | ||
Line 159: | Line 155: | ||
{| cellpadding="2" | {| cellpadding="2" | ||
|- | |- | ||
− | | | + | | align="left" width="200" valign="top" | |
*Josh Amishav-Zlatin | *Josh Amishav-Zlatin | ||
Line 177: | Line 173: | ||
*August Detlefsen | *August Detlefsen | ||
*Ryan Dewhurst | *Ryan Dewhurst | ||
+ | *Sean Fay | ||
− | | | + | | align="left" width="200" valign="top" | |
− | |||
*Timo Goosen | *Timo Goosen | ||
*Dennis Groves | *Dennis Groves | ||
Line 195: | Line 191: | ||
*Sherif Mansour Farag | *Sherif Mansour Farag | ||
*John Melton | *John Melton | ||
− | |||
− | |||
− | |||
*Mark Miller | *Mark Miller | ||
* Rich Mogull | * Rich Mogull | ||
*Craig Munson | *Craig Munson | ||
+ | |||
+ | | align="left" width="200" valign="top" | | ||
+ | |||
*Louis Nadeau | *Louis Nadeau | ||
*Giri Nambari | *Giri Nambari | ||
Line 227: | Line 223: | ||
==OWASP Code Sprint 2015== | ==OWASP Code Sprint 2015== | ||
− | Development work was also supported by the https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015]. | + | Development work was also supported by the [https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015]. |
== Other Acknowledgements == | == Other Acknowledgements == | ||
Line 255: | Line 251: | ||
v2.0.0 final was released in late January 2015. | v2.0.0 final was released in late January 2015. | ||
v2.1.0 final was released in June 2015. | v2.1.0 final was released in June 2015. | ||
+ | v2.2.0 final was released in September 2015 | ||
The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014]. | The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014]. | ||
Line 279: | Line 276: | ||
=== September 2015 (2.2) === | === September 2015 (2.2) === | ||
− | * First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here]) | + | * <strike>First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here])</strike> -> DONE |
=== January 2016 (2.3) === | === January 2016 (2.3) === | ||
− | * Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue]) | + | * <strike>Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue])</strike> -> DONE |
* Video demo of setting up appsensor (screen capture) (related to sample apps) | * Video demo of setting up appsensor (screen capture) (related to sample apps) | ||
* New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue]) | * New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue]) | ||
Line 292: | Line 289: | ||
== Past activities == | == Past activities == | ||
+ | |||
+ | '''September 2015''' Final release v2.2.0 code | ||
'''June 2015''' Final release v2.1.0 code | '''June 2015''' Final release v2.1.0 code | ||
Line 496: | Line 495: | ||
| align="center" valign="top" | CISOs | | align="center" valign="top" | CISOs | ||
|- | |- | ||
− | | | + | | align="left" width="200" valign="top" | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]] |
| width="20" | | | width="20" | | ||
− | | | + | | align="left" width="200" valign="top" | [[File:Appsensor_crosstalk_small.jpg|link=http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf]] |
| width="20" | | | width="20" | | ||
− | | | + | | align="center" width="200" valign="top" | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]] |
|} | |} | ||
Line 509: | Line 508: | ||
[[File:Appsensor-website-large.jpg|link=http://appsensor.org/]] | [[File:Appsensor-website-large.jpg|link=http://appsensor.org/]] | ||
− | + | http://appsensor.org/ | |
Line 540: | Line 539: | ||
November, 2009 - AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications] | November, 2009 - AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications] | ||
− | May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51 ] | + | May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51] |
May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers] | May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers] | ||
Line 570: | Line 569: | ||
{{:Projects/OWASP_AppSensor_Project | Project About}} | {{:Projects/OWASP_AppSensor_Project | Project About}} | ||
+ | <nowiki>}} </nowiki> | ||
− | + | __NOTOC__ <headertabs></headertabs> | |
− | |||
− | __NOTOC__ <headertabs /> | ||
− | [[Category: | + | [[Category:OWASP Project|AppSensor Project]] |
+ | [[Category:OWASP Project]] | ||
+ | [[Category:OWASP_Builders]] | ||
+ | [[Category:OWASP_Defenders]] | ||
+ | [[Category:OWASP_Document]] | ||
+ | [[Category:OWASP_Download]] | ||
+ | [[Category:SAMM-EH-3]] | ||
+ | [[Category:SAMM-SA-2]] | ||
+ | [[Category:SAMM-VM-3]] |
Latest revision as of 20:45, 1 May 2018