Attack Detection and Prevention with OWASP AppSensor, presented at OWASP AppSec 2010

by Colin Watson (Watson Hall Ltd)

Tags: Security Web Application Security


Summary: OWASP AppSensor defines a conceptual framework, methodology and guidance to implement intrusion detection and automated response into an existing application. Over 50 detection points have been described together with a number of response actions. A methodology will be presented to plan AppSensor implementations. The planning stage includes sensor selection and positioning, and determination of the appropriate type of response to block or mitigate attacks based on an analysis of business risk and other factors. A lightweight implementation will also be described for organisations wishing to pilot AppSensor in their applications.

Colin Watson: Colin Watson is a consultant and co-founder of Watson Hall Ltd. Colin has a production and process engineering background, but has worked in information systems for fourteen years, concentrating exclusively on web application development, security and compliance. His work involves the management of application risk, building security and privacy into systems development and keeping abreast of relevant international legislation and standards. He has a particular interest in creating user trust in web systems and the relationships between security and usability. Colin has spoken at several OWASP chapter meetings and conferences on topics including web content accessibility guidelines, the Open Software Assurance Maturity Model and AppSensor. He contributes to a number of OWASP projects and is a member of the OWASP Global Industry Committee, having been its chair for the last year. He writes a blog about web security, usability and design under the pseudonym Clerkendweller. He holds a BSc in Chemical Engineering, and an MSc in Computation from the University of Oxford.