OWASP AppSensor – In Theory, In Practice and In Print presented at OWASPAppSecEU 2013

by Dennis Groves, Colin Watson

Summary: The AppSensor Project defines the concept of application-specific real-time attack detection and response. It began as an OWASP Summer of Code 2008 project by Michael Coates, who has led an active team of contributors to enhance, extend, document and code the idea. The project is now listed on the US Department of Homeland Security's Software Assurance page about resilient software.
During 2013 a new AppSensor Guide book has been written to document the accumulated knowledge of the contributors, provide illustrative case studies, and most importantly showcase several working demonstration implementations. In 2012 and 2013 the development team have built on a previous core Java version to create a standalone web services AppSensor engine. This effort was supported by the Google Summer of Code 2012.
In this presentation Dennis Groves and Colin Watson will briefly summarise the concept, explain alternative architectural models, discuss the newly published implementation guide, of which the two speakers have been the primary authors, and explain the code and web services implementations that attendees will be able to use immediately in their own projects. Additionally, new research activities using a modified web application honeypot to test the efficacy of the AppSensor concept will be described.