The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response.
John Melton with the help of other code contributors and feedback from the project's code development mailing list have finished a complete overhaul of the previous code. In the words of the version 2.0.0 announcement, the most significant changes are:
- Client-server architecture supporting multiple communication modes including: REST, SOAP, Thrift, local (shared JVM, java-only)
- Any language can be used on the client application. The only requirement is that the language selected must support the communication protocol of the execution mode that is configured (i.e. if using REST as the execution mode, the language must be capable of making HTTP requests.) The server-side components are Java, but this places no restriction on the client applications themselves
- There is no longer a hard dependency on [OWASP] ESAPI. AppSensor is a standalone project, though it can be integrated with projects that also use ESAPI if desired
- The core components of the system have been renamed and now follow the AppSensor v2 book naming conventions, which is based on standard IDS terminology for clarity
- Basic user correlation is supported so that client applications that share a user base (SSO) can share attack detection/response information.
John also created a special AppSensor microsite.
Posted on: 30 January 2015 at 08:26 hrs