This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSensor GettingStarted"

From OWASP
Jump to: navigation, search
(Getting Started with AppSensor Documentation)
 
Line 10: Line 10:
 
*Servlet/JSP libraries
 
*Servlet/JSP libraries
 
*Logging API library (log4j by default)
 
*Logging API library (log4j by default)
 
+
----
 
==== With Maven ====
 
==== With Maven ====
 
If you use maven as the build system for your application, then adding AppSensor to your project is very simple and requires 4 basic steps.  
 
If you use maven as the build system for your application, then adding AppSensor to your project is very simple and requires 4 basic steps.  
Line 26: Line 26:
 
#* validation.properties
 
#* validation.properties
 
#* appsensor.properties  
 
#* appsensor.properties  
# Customize the configuration files listed above to suit your own project.   
+
# Modify the following line in the ESAPI.properties file:
 +
#:<pre>ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector</pre>
 +
#:The line above should be changed to:
 +
#:<pre>ESAPI.IntrusionDetector=org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector</pre>
 +
# Customize the configuration files listed above (those in the .esapi folder) to suit your own project.   
 
At this point you should have the project configured to work properly.
 
At this point you should have the project configured to work properly.
 
+
----
 
==== Without Maven ====
 
==== Without Maven ====
 
If you use some mechanism other than maven as the build system for your application, then adding AppSensor requires downloading and adding all required libraries to your project manually in addition to the other basic steps, and this process is outlined below:  
 
If you use some mechanism other than maven as the build system for your application, then adding AppSensor requires downloading and adding all required libraries to your project manually in addition to the other basic steps, and this process is outlined below:  
Line 36: Line 40:
 
#* validation.properties
 
#* validation.properties
 
#* appsensor.properties  
 
#* appsensor.properties  
# Customize the configuration files listed above to suit your own project.   
+
# Modify the following line in the ESAPI.properties file:
 +
#:<pre>ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector</pre>
 +
#:The line above should be changed to
 +
#:<pre>ESAPI.IntrusionDetector=org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector</pre>
 +
# Customize the configuration files listed above (those in the .esapi folder) to suit your own project.   
 
At this point you should have the project configured to work properly.
 
At this point you should have the project configured to work properly.
 
+
----
 
== Using AppSensor in your project ==
 
== Using AppSensor in your project ==
 
Once your project is properly configured to use AppSensor, using AppSensor is very simple. Here are a couple of very simple examples.
 
Once your project is properly configured to use AppSensor, using AppSensor is very simple. Here are a couple of very simple examples.

Revision as of 03:03, 19 June 2010

Getting Started with AppSensor

The describes an application layer intrusion detection system, both the concepts involved as well as offering a collection of helpful detection points to be implemented into your application. This document describes how to begin using the Java implementation of AppSensor as part of your application.

Adding AppSensor to your project

Dependencies

AppSensor has the following dependencies:

  • OWASP ESAPI Java library
  • JavaMail libraries (activation and mail jar files)
  • Servlet/JSP libraries
  • Logging API library (log4j by default)

With Maven

If you use maven as the build system for your application, then adding AppSensor to your project is very simple and requires 4 basic steps.

  1. Add the following configuration into the dependencies section of your POM:
    <dependency>
    <groupId>org.owasp.appsensor</groupId>
    <artifactId>AppSensor</artifactId>
    <version>PUT_YOUR_VERSION_HERE</version>
    </dependency>
  2. Add the ESAPI jar into your local maven repository manually using the mvn install command. This will add ESAPI to the project. Note: This process will change in the future once ESAPI is fully setup in the central maven repository. At that time, AppSensor's POM will add ESAPI as a dependency, and this step will go away.
  3. Add the .esapi folder to your project in a location that ESAPI can find it. The easiest way to do this is to add the folder under the root of your src folder. Additionally, you will need to place 3 files in the .esapi folder:
    • ESAPI.properties
    • validation.properties
    • appsensor.properties
  4. Modify the following line in the ESAPI.properties file:
    ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
    The line above should be changed to:
    ESAPI.IntrusionDetector=org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector
  5. Customize the configuration files listed above (those in the .esapi folder) to suit your own project.

At this point you should have the project configured to work properly.


Without Maven

If you use some mechanism other than maven as the build system for your application, then adding AppSensor requires downloading and adding all required libraries to your project manually in addition to the other basic steps, and this process is outlined below:

  1. Download the libraries described as dependencies above, and add them to your project (likely in the WEB-INF/lib folder of your application).
  2. Add the .esapi folder to your project in a location that ESAPI can find it. The easiest way to do this is to add the folder under the root of your src folder. Additionally, you will need to place 3 files in the .esapi folder:
    • ESAPI.properties
    • validation.properties
    • appsensor.properties
  3. Modify the following line in the ESAPI.properties file:
    ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
    The line above should be changed to
    ESAPI.IntrusionDetector=org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector
  4. Customize the configuration files listed above (those in the .esapi folder) to suit your own project.

At this point you should have the project configured to work properly.


Using AppSensor in your project

Once your project is properly configured to use AppSensor, using AppSensor is very simple. Here are a couple of very simple examples.

The following example involves creating an AppSensorException by hand in your application:

//This example snippet might be placed on a jsp that handles HTTP 404 errors.  
//When the page is accessed, this code notifies AppSensor that an invalid page request was made.
//Notice that the exception is created, not thrown

new AppSensorException("ACE3", "Invalid request", "Attacker is requesting a non-existent (404) page (" + requestedURI + ")");

The following example relies on the AttackDetectorUtils class to create the exception. This class contains various methods that handle common detection points.

//This example snippet might be placed in request handling code that expects a form POST to occur (not a GET, not a PUT, etc).   
//This code notifies AppSensor that an type of HTTP request was made.

AttackDetectorUtils.verifyValidRequestMethod(request, AttackDetectorUtils.POST);

This document shows that AppSensor is very simple to configure as well as to use. Once setup, you simply add detection points to your code and add and/or modify the appropriate configuration information in the ESAPI.properties and appsensor.properties files in order to let AppSensor know your appropriate thresholds for each detection point. That's it!