This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template AppSensor Project"

From OWASP
Jump to: navigation, search
 
(27 intermediate revisions by 3 users not shown)
Line 7: Line 7:
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
 +
 +
'''Real Time Application Attack Detection and Response'''
 +
 
'''Overview'''
 
'''Overview'''
  
The AppSesnsor document is a conceptual framework that offers prescriptive guidance to implement intrusion detection capabilities into existing application utilizing standard security controls and recommendations for automated response policies based upon detected behaviour. When using AppSensor, an application will be able to identify malicious users whithin the application and eliminate the threat by taking response action such as logging out the user, locking the account or notifying an admnistrator.
+
Article on why [http://www.owasp.org/index.php/ApplicationLayerIntrustionDetection Application Based Intrusion Detection] is a must for critical applications.
 +
 
 +
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application.  Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.
 +
<br><br>
 +
 
 +
'''Detection'''
  
An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.
+
AppSensor defines over 50 different [http://www.owasp.org/index.php/AppSensor_DetectionPoints detection points] which can be used to identify a malicious attacker.
 +
 
 +
'''Response'''
 +
 
 +
AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator.  More than a dozen [http://www.owasp.org/index.php/AppSensor_ResponseActions response actions] are described.
  
'''A bit more detail'''
+
'''Defending the Application'''
  
The goal of this project is to create the standard and guidance for how an application should detect, log and respond to malicious events. The deliverable for this project will be a framework of information which would be used by an application architect during the design of the system itself. This project would not create a tool or any code. Instead, it will build upon many of the IDS concepts developed in ESAPI and move towards a fully developed Application IDS Framework Standard. For example, when an architect considers the design of their authentication system (or any other critical system) they would reference the AppSensor guidelines on authentication. The AppSensor guidance will indicate what sort of authentication actions need to be logged (failed login attempt, use of multiple user-names from a single IP, high rate of login attempts etc) and
+
An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.
  
what information must be captured (user-name, ip, timestamp etc). Further, the AppSensor guidance will detail how all the events should be handled. Events will have different severities and will be sent to a centralized logging system within the application. This system collect the security events from throughout the application (authorization attacks, business logic attacks, force browsing attempts etc) and will then be able to take appropriate action against the user. This could include locking out an account, generating alerts to sys-admins, shutting down portions of the application, etc. Essentially, my project is defining how an Intrusion Detection System should be designed, configured and built into the code of any custom application. By building the Application Level IDS within the application itself, we are in the best place to capture and respond to all malicious actions performed against the application.
 
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:MichaelCoates|'''Michael Coates''']]
+
  | style="width:14%; background:#cccccc" align="center"|Project Leaders:
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
+
[[User:MichaelCoates|'''Michael Coates''']]<br>John Melton<br>Colin Watson<br>Dennis Groves
 +
  | style="width:15%; background:#cccccc" align="center"|Project Contributors:
 +
Ryan Barnett
 +
<br>Simon Bennetts
 +
<br>August Detlefsen
 +
<br>Dennis Groves
 +
<br>Randy Janida
 +
<br>Jim Manico
 +
<br>Giri Nambari
 +
<br>Eric Sheridan
 +
<br>John Stevens
 +
<br>Kevin Wall
 
  | style="width:10%; background:#cccccc" align="center"|Mailing list<br>[https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project '''Subscribe here''']<br>[mailto:OWASP-AppSensor-Project(at)lists.owasp.org '''Use here''']
 
  | style="width:10%; background:#cccccc" align="center"|Mailing list<br>[https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project '''Subscribe here''']<br>[mailto:OWASP-AppSensor-Project(at)lists.owasp.org '''Use here''']
 
| style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
| style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta Quality Projects|'''Documentation''']]
+
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta Status Projects|'''Documentation''']]
 
| style="width:15%; background:#cccccc" align="center"|Sponsor<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]   
 
| style="width:15%; background:#cccccc" align="center"|Sponsor<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]   
 
  |}
 
  |}
Line 35: Line 57:
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
 
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:OWASP AppSensor Project - Assessment Frame|Please see here for complete information.]]
 
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:OWASP AppSensor Project - Assessment Frame|Please see here for complete information.]]
  | style="width:42%; background:#cccccc" align="center"|
+
  | style="width:42%; background:#cccccc" align="left"|
'''AppSensor Beta Release 1.0 - Now Available!'''
+
* '''NEW: AppSensor & ESAPI:''' [http://www.owasp.org/index.php/AppSensor_Developer_Guide Getting Started: AppSensor Developer Guide]
* [http://www.owasp.org/images/4/46/OWASP_AppSensor.pdf PDF] & [Word] files - NEW RELEASE!!!
+
* '''Download AppSensor Book:''' [https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF] | [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc Word]
* [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt PowerPoint Presentation]
+
* '''Presentations:'''  
  | style="width:29%; background:#cccccc" align="center"|
+
** [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]
* (If appropriate, add links)
+
** [http://www.brighttalk.com/webcast/20680 Automated Application Defenses to Thwart Advanced Attackers (Slides & Audio)]
 +
* '''Diagram:''' [https://www.owasp.org/index.php/File:Appsensor-pid.pdf Understanding AppSensor in the WebApp - Diagram]
 +
* '''Live Demo:''' [http://www.youtube.com/watch?v=8ItfuwvLxRk Video]
 +
* '''AppSensor Code:''' [http://code.google.com/p/appsensor/ Google Code]
 +
* '''External References/Links:'''
 +
** [https://buildsecurityin.us-cert.gov/swa/topics/resilient-software/ DHS Building Resilient Software]
 +
** [https://buildsecurityin.us-cert.gov/swa/resources DHS Software Assurance Resources]
 +
** [http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf US Department of Defense Cross Talk Journal Sept, 2011]
 +
  | style="width:29%; background:#cccccc" align="center" |
 +
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI]
 
  |}
 
  |}
 +
 
----
 
----
 
 
 
 
 
 
 
 
 
 
{| style="width:100%" border="0" align="center"
 
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP AppSensor Project - Detect and Respond to Attacks from Within the Application'''
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
 
| colspan="6" style="width:85%; background:#cccccc" align="left"|
 
'''Overview'''
 
 
The AppSesnsor document is a conceptual framework that offers prescriptive guidance to implement intrusion detection capabilities into existing application utilizing standard security controls and recommendations for automated response policies based upon detected behaviour. When using AppSensor, an application will be able to identify malicious users whithin the application and eliminate the threat by taking response action such as logging out the user, locking the account or notifying an admnistrator. 
 
 
An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.
 
 
'''A bit more detail'''
 
 
The goal of this project is to create the standard and guidance for how an application should detect, log and respond to malicious events. The deliverable for this project will be a framework of information which would be used by an application architect during the design of the system itself. This project would not create a tool or any code. Instead, it will build upon many of the IDS concepts developed in ESAPI and move towards a fully developed Application IDS Framework Standard. For example, when an architect considers the design of their authentication system (or any other critical system) they would reference the AppSensor guidelines on authentication. The AppSensor guidance will indicate what sort of authentication actions need to be logged (failed login attempt, use of multiple user-names from a single IP, high rate of login attempts etc) and
 
 
what information must be captured (user-name, ip, timestamp etc). Further, the AppSensor guidance will detail how all the events should be handled. Events will have different severities and will be sent to a centralized logging system within the application. This system collect the security events from throughout the application (authorization attacks, business logic attacks, force browsing attempts etc) and will then be able to take appropriate action against the user. This could include locking out an account, generating alerts to sys-admins, shutting down portions of the application, etc. Essentially, my project is defining how an Intrusion Detection System should be designed, configured and built into the code of any custom application. By building the Application Level IDS within the application itself, we are in the best place to capture and respond to all malicious actions performed against the application.
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:michael.coates(at)aspectsecurity.com '''Michael Coates''']
 
| style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
 
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project '''Mailing List/Subscribe''']<br>[mailto:OWASP-AppSensor-Project(at)lists.owasp.org '''Mailing List/Use''']
 
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:eric.sheridan(at)aspectsecurity.com '''Eric Sheridan''']
 
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:rjaninda(at)silverknightsecurity.com '''Randy Janinda''']
 
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
 
|-
 
| style="width:100%; background:#cccccc" align="center"|
 
The first draft of the AppSensor Project has been distributed to reviewers. Feedback has been received and updated.
 
 
The second draft has been distributed to reviewers. Feedback has been received and updated.
 
 
'''AppSensor Beta Release Now Available!'''
 
 
* [http://www.owasp.org/images/4/46/OWASP_AppSensor.pdf AppSensor Beta Release 1.0]
 
* [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt PowerPoint Presentation]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
 
|-
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
 
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#P017 - OWASP AppSensor - Detect and Respond to Attacks from Within the Application|'''Sponsored Project/Guidelines/Roadmap''']]
 
|}
 
{| style="width:100%" border="0" align="center"
 
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
 
|-
 
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
 
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
 
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
 
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES'''<br>---------<br>[[Project Information:template AppSensor Project - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES'''<br>---------<br>[[Project Information:template AppSensor Project - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES'''<br>---------<br>[[Project Information:template AppSensor Project 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES'''
 
<br>---------<br>Which status has been reached?<br>'''Beta'''<br>'''Season of Code - 2008''' <br>---------<br>[[Project Information:template AppSensor Project - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES''' 
 
<br>---------<br>Which status has been reached?<br>'''Beta'''<br>'''Season of Code - 2008''' <br>---------<br>[[Project Information:template AppSensor Project - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
 
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''YES'''
 
<br>---------<br>Which status has been reached?<br>'''Beta'''<br>'''Season of Code - 2008''' <br>---------<br>[[Project Information:template AppSensor Project - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
 
| style="width:22%; background:#C2C2C2" align="center"|X
 
|-
 
|}
 

Latest revision as of 18:22, 13 August 2013

PROJECT IDENTIFICATION
Project Name OWASP AppSensor Project - Detect and Respond to Attacks from Within the Application
Short Project Description

Real Time Application Attack Detection and Response

Overview

Article on why Application Based Intrusion Detection is a must for critical applications.

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.

Detection

AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.

Response

AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.

Defending the Application

An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.

Project key Information Project Leaders:

Michael Coates
John Melton
Colin Watson
Dennis Groves

Project Contributors:

Ryan Barnett
Simon Bennetts
August Detlefsen
Dennis Groves
Randy Janida
Jim Manico
Giri Nambari
Eric Sheridan
John Stevens
Kevin Wall

Mailing list
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Documentation
Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.