|
|
(4 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
− | = Introduction =
| + | {{taggedDocument |
− | | + | | type=delete |
− | | + | | comment=Very old material that can be deleted. |
− | = Purpose =
| + | }} |
− | | |
− | = Pre-requisities =
| |
− | | |
− | = What to detect = | |
− | | |
− | The most commonly implemented detection points are:
| |
− | | |
− | *
| |
− | *
| |
− | *
| |
− | | |
− | | |
− | = How to respond =
| |
− | | |
− | Thresholds:
| |
− | | |
− | *
| |
− | *
| |
− | *
| |
− | | |
− | Typical responses, that the application may already support in some manner, are:
| |
− | | |
− | * Change monitoring of the user (e.g. increase logging level)
| |
− | * Raise an alert
| |
− | * Add time delays
| |
− | * Log a user out (and possibly lock the account)
| |
− | | |
− | More advanced responses could include
| |
− | | |
− | *
| |
− | * Changing a function (adding a CAPTCHA, ??? )
| |
− | * Disabling a function (for the user, for a group of users, for all users)
| |
− | * Affecting behaviour of another systems (e.g. goods despatch held, firewall blocks IP address)
| |
− | * Altering user properties (changing their credit level)
| |
− | | |
− | | |
− | | |
− | = How to =
| |
− | | |
− | == Software acquisition ==
| |
− | | |
− | == In your own code ==
| |
− | | |
− | | |
− | | |
− | | |
− | == No code available ==
| |
− | | |
− | | |
− | = Related articles =
| |
− | | |
− | Other [http://www.jtmelton.com/2012/05/01/year-of-security-for-java-week-18-perform-application-layer-intrusion-detection/ Year of Security for Java Week 18 - Perform Application Layer Intrusion Detection ]
| |
− | | |
− | | |
− | = Authors and primary contributors =
| |
− | | |
− | | |
− | | |
− | Colin Watson - colin.watson[at]owasp.org
| |
− | | |
− | | |
− | | |
− | | |
− | {{Cheatsheet_Navigation}}
| |
− | | |
− | [[Category:Cheatsheets]] [[Category:OWASP_Defenders]]
| |
Latest revision as of 21:04, 17 August 2018
This page has been recommended for
deletion.
You can help OWASP by improving it or discussing it on its Talk page. See FixME Comment: Very old material that can be deleted.