This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSensor Project"

From OWASP
Jump to: navigation, search
m (OWASP Summer of Code 2008)
m (removing dennis as project leader)
 
(9 intermediate revisions by 4 users not shown)
Line 5: Line 5:
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
  
 
== OWASP AppSensor ==
 
== OWASP AppSensor ==
Line 36: Line 36:
  
 
* Norwegian University of Science and Technology in Tronheim
 
* Norwegian University of Science and Technology in Tronheim
** [http://ntnu.diva-portal.org/smash/record.jsf?pid=diva2:566091 AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System], Thomassen P, 2012
+
** [https://brage.bibsys.no/xmlui/handle/11250/252956 AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System], Thomassen P, 2012
  
 
*US Department of Homeland Security
 
*US Department of Homeland Security
Line 54: Line 54:
 
© OWASP Foundation
 
© OWASP Foundation
  
 
+
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
  
 
== What is AppSensor? ==
 
== What is AppSensor? ==
Line 89: Line 88:
 
== Project Leaders ==
 
== Project Leaders ==
  
* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves] [mailto:dennis.groves@owasp.org @]
 
 
* [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @]
 
* [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @]
* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] [mailto:colin.watson@owasp.org @]
 
  
  
Line 98: Line 95:
 
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]]
 
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]]
  
 
+
| style="padding-left:25px;width:200px;" valign="top" |
| valign="top"  style="padding-left:25px;width:200px;" |
 
  
 
== Quick Download ==
 
== Quick Download ==
  
* OWASP AppSensor Guide v2.0.1 EN
+
* OWASP AppSensor Guide v2 EN
 
** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF]
 
** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF]
 
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC]
 
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC]
Line 109: Line 105:
 
* OWASP AppSensor Reference Implementation
 
* OWASP AppSensor Reference Implementation
 
** [https://github.com/jtmelton/appsensor v2 Code]
 
** [https://github.com/jtmelton/appsensor v2 Code]
 
  
 
== News and Events ==
 
== News and Events ==
  
 
* [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015
 
* [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015
* [9 Jun 2015] AppSensor Code v2.1.0 [https://github.com/jtmelton/appsensor/releases/tag/v2.1.0 released]
+
* [27 Jul 2015] [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc AppSensor Guide v2.0.2] published
 +
* [09 Jun 2015] AppSensor Code v2.1.0 [https://github.com/jtmelton/appsensor/releases/tag/v2.1.0 released]
 
* [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code
 
* [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code
 
* [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation
 
* [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation
Line 131: Line 127:
 
[[File:AppSensor2_small.jpg|link=]]
 
[[File:AppSensor2_small.jpg|link=]]
  
The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-21608107.html AppSensor Guide] and [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html CISO Briefing] can be purchased at cost as print on demand books.
+
The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-22290600.html AppSensor Guide] and [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html CISO Briefing] can be purchased at cost as print on demand books.
  
 
==Classifications==
 
==Classifications==
  
   {| width="200" cellpadding="2"
+
   {| cellpadding="2" width="200"
 
   |-
 
   |-
   | align="center" valign="top" rowspan="2" width="50%" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
+
   | rowspan="2" align="center" width="50%" valign="top" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
   | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]   
+
   | align="center" width="50%" valign="top" | [[File:Owasp-builders-small.png|link=Builders]]   
 
   |-
 
   |-
   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
+
   | align="center" width="50%" valign="top" | [[File:Owasp-defenders-small.png|link=Defenders]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]   
+
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]   
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
+
   | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
 
   |}
 
   |}
  
Line 159: Line 155:
 
{| cellpadding="2"
 
{| cellpadding="2"
 
   |-
 
   |-
   | width="200" align="left" valign="top" |  
+
   | align="left" width="200" valign="top" |  
  
 
*Josh Amishav-Zlatin
 
*Josh Amishav-Zlatin
Line 177: Line 173:
 
*August Detlefsen
 
*August Detlefsen
 
*Ryan Dewhurst
 
*Ryan Dewhurst
 +
*Sean Fay
  
   | width="200" align="left" valign="top" |  
+
   | align="left" width="200" valign="top" |  
  
*Sean Fay
 
 
*Timo Goosen
 
*Timo Goosen
 
*Dennis Groves
 
*Dennis Groves
Line 195: Line 191:
 
*Sherif Mansour Farag
 
*Sherif Mansour Farag
 
*John Melton
 
*John Melton
 
  | width="200" align="left" valign="top" |
 
 
 
*Mark Miller
 
*Mark Miller
 
* Rich Mogull
 
* Rich Mogull
 
*Craig Munson
 
*Craig Munson
 +
 +
  | align="left" width="200" valign="top" |
 +
 
*Louis Nadeau
 
*Louis Nadeau
 
*Giri Nambari
 
*Giri Nambari
Line 227: Line 223:
  
 
==OWASP Code Sprint 2015==
 
==OWASP Code Sprint 2015==
Development work was also supported by the https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015].
+
Development work was also supported by the [https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015].
  
 
== Other Acknowledgements ==
 
== Other Acknowledgements ==
Line 255: Line 251:
 
v2.0.0 final was released in late January 2015.
 
v2.0.0 final was released in late January 2015.
 
v2.1.0 final was released in June 2015.
 
v2.1.0 final was released in June 2015.
 +
v2.2.0 final was released in September 2015
  
 
The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014].
 
The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014].
Line 279: Line 276:
  
 
=== September 2015 (2.2) ===  
 
=== September 2015 (2.2) ===  
* First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here])
+
* <strike>First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here])</strike> -> DONE
  
 
=== January 2016 (2.3) ===  
 
=== January 2016 (2.3) ===  
* Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue])
+
* <strike>Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue])</strike> -> DONE
 
* Video demo of setting up appsensor (screen capture) (related to sample apps)
 
* Video demo of setting up appsensor (screen capture) (related to sample apps)
 
* New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue])
 
* New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue])
Line 292: Line 289:
  
 
== Past activities ==
 
== Past activities ==
 +
 +
'''September 2015''' Final release v2.2.0 code
  
 
'''June 2015''' Final release v2.1.0 code
 
'''June 2015''' Final release v2.1.0 code
Line 496: Line 495:
 
| align="center" valign="top" | CISOs
 
| align="center" valign="top" | CISOs
 
|-
 
|-
| width="200" align="left" valign="top" | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]]
+
| align="left" width="200" valign="top" | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]]
 
| width="20" |
 
| width="20" |
| width="200" align="left" valign="top" | [[File:Appsensor_crosstalk_small.jpg|link=http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf]]
+
| align="left" width="200" valign="top" | [[File:Appsensor_crosstalk_small.jpg|link=http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf]]
 
| width="20" |
 
| width="20" |
| width="200" align="center" valign="top" | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]]
+
| align="center" width="200" valign="top" | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]]
 
|}
 
|}
  
Line 509: Line 508:
 
[[File:Appsensor-website-large.jpg|link=http://appsensor.org/]]
 
[[File:Appsensor-website-large.jpg|link=http://appsensor.org/]]
  
[http://appsensor.org/ http://appsensor.org/]
+
http://appsensor.org/
  
  
Line 540: Line 539:
 
November, 2009 -  AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
 
November, 2009 -  AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
  
May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51 ]
+
May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51]
  
 
May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers]
 
May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers]
Line 570: Line 569:
 
{{:Projects/OWASP_AppSensor_Project | Project About}}
 
{{:Projects/OWASP_AppSensor_Project | Project About}}
  
 +
<nowiki>}} </nowiki>
  
}}
+
__NOTOC__ <headertabs></headertabs>  
 
 
__NOTOC__ <headertabs />  
 
  
[[Category:OWASP_Project|AppSensor Project]] [[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:SAMM-EH-3]] [[Category:SAMM-SA-2]]
+
[[Category:OWASP Project|AppSensor Project]]  
 +
[[Category:OWASP Project]]   
 +
[[Category:OWASP_Builders]]  
 +
[[Category:OWASP_Defenders]]  
 +
[[Category:OWASP_Document]]  
 +
[[Category:OWASP_Download]]  
 +
[[Category:SAMM-EH-3]]  
 +
[[Category:SAMM-SA-2]]
 +
[[Category:SAMM-VM-3]]

Latest revision as of 20:45, 1 May 2018

Appsensor-header.jpg
Flagship big.jpg

OWASP AppSensor

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications.

The project offers a comprehensive guide and a reference implementation. These resources can be used by architects, developers, security analyst and system administrators to plan, implement and monitor an AppSensor system.

Introduction

If you walk into a bank and try opening random doors, you will be identified, led out of the building and possibly arrested. However, if you log into an online banking application and start looking for vulnerabilities no one will say anything. This needs to change! As critical applications continue to become more accessible and inter-connected, it is paramount that critical information is sufficiently protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application.

In addition to implementing layers of defense within an application, we must identify malicious individuals before they are able to identify any gaps in our defenses. The best place to identify malicious activity against the application is within the application itself. Network based intrusion detection systems are not appropriate to handle the custom and intricate workings of an enterprise application and are ill-suited to detect attacks focusing on application logic such as authentication, access control, etc. This project delivers a framework which can be used to build a robust system of attack detection, analysis, and response within an enterprise application.


Detect and Respond to Attacks from Within the Application

Detection

AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.

Response

AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.

Defending the Application

An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.


Citations

  • CrossTalk, The Journal of Defense Software Engineering
    • Creating Attack-Aware Software Applications with Real Time Defenses, Vol. 24, No. 5, Sep/Oct 2011


Licensing

OWASP AppSensor is free to use.

Guide

The guide is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Reference Implementation

The reference implementation is licensed under the MIT License, which is a permissive (commercial-friendly) license only requiring you to include a copy of the license upon distribution or copying.

© OWASP Foundation

What is AppSensor?

Detect and respond to attacks from within the application. This project includes both a well documented idea (the Guide) and a reference implementation (the Code).


Intro for Developers

Appsensor-developer-small.jpg

Two-sided US Letter or A4


AppSensor Website

Appsensor-website-small.jpg

See the AppSensor website for an introduction and quick start instructions.

Overview

Appsensor-cisobriefing-small.jpg

12-page US Letter booklet


Project Founder


Project Leaders


Related Projects

Quick Download

News and Events

Code Repository

In Print

AppSensor2 small.jpg

The AppSensor Guide and CISO Briefing can be purchased at cost as print on demand books.

Classifications

Mature projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg
Project Type Files CODE.jpg