Monday, December 14, 2009
DefendTheApp - An OWASP AppSensor Project
Posted by Michael Coates
DefendTheApp.com is now live. This site provides a fully functioning demonstration application that has implemented an AppSensor detection and response capability. The site also provides easy links to all relevant AppSensor information.
Not familiar with AppSensor? The basic idea is this; currently applications use a variety of secure development techniques to prevent an attacker from being able to break into the application. Secure development is great, however, we can't just stop there.
Consider the defensive strategies used by physical banks, prisons, federal buildings, etc. We do use security controls to prevent attacks (locked doors, ID card to enter) , however, we also use a variety of methods to monitor and detect attackers before they have succeeded in their devious intents (cameras, guards, motion sensors, alarms). And in the real world, we put most of our faith in the ability to detect and catch a criminal, not in the ability to design a system that can withstand a relentless and unrestricted series of attacks.
This is the idea of AppSensor. Implement detection points within the application to discover a malicious user that is probing for vulnerabilities. Once the user is detected and a threshold of malicious activity is reached, report the user as an attacker and lock that user out of the application. If you can detect attackers and lock them out before the attacker finds a vulnerability, then you've significantly enhanced the security of your application.