Difference between revisions of "Projects/OWASP AppSensor Project"

Overview The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.
Detection AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.
Response AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.
Defending the Application An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.

• Michael Coates @
• John Melton @
• Colin Watson @

• Ryan Barnett @
• Simon Bennetts
• August Detlefsen
• Randy Janida
• Jim Manico @
• Giri Nambari
• Eric Sheridan @
• Kevin Wall

• AppSensor & ESAPI Developer's Guide
• AppSensor Tutorial
• Download AppSensor Book - PDF
• Download AppSensor Book - Word
• Automated Application Defenses to Thwart Advanced Attackers
• Diagram
• Live Demo
• AppSensor Code

• Contact Michael Coates @ to contribute to this project

• Contact Michael Coates @ to review or sponsor this project

• AppSensor 0.1.3