AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications.
There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.
8. ~5 yrs ago dev
• mostly web apps (RoR, PHP, .NET, Java)
• ajax (jquery) use growing
• mobile just getting started
• deployment to VMs
• hadoop picking up
• BI tools
• AWS starting
• cloud hype cycle (NIST defines)
13. - LinkedIn, March 2015
“the Kafka ecosystem at LinkedIn is sent over 800 billion* messages per day.. At the busiest times of day, we are receiving over 13 million messages per second.”
* Update (Sept 2015): 1.1 Trillion messages per day
15. dev vs. security
• dev is exploiting fundamental architectural and deployment changes to add business value
• security is iterating on existing solutions - and - trying to close gaps (known problems)
16. having to deal with [scale, speed, cloud, lack of environmental access] represents an enormous opportunity for security
34. OWASP ASIDE
Based on ESAPI code (length checked), ASIDE infers that this may be a point to insert an app sensor; whether a sensor is placed relies on developer’s decision.
37. OWASP ASIDE
It not only captures the context information (e.g. the sensor event is from username field), but also records that the sensor event is due to an exceedingly lengthy input.
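The two ideas the deck keeps returning to, a detection point that turns a failed validation into an event carrying its context (which field, why it fired), and an application that counts those events and responds on its own once a threshold is crossed, are small enough to show in one place. The following is an added example written for this page; it is not the AppSensor reference implementation or ASIDE's generated code, and every name in it (`SensorEvent`, `EventStore`, `InputLengthSensor`, the `lock_account` response and the `LENGTH-EXCEEDED` label) is an assumption chosen for illustration. It models the "length checked" username field from the ASIDE slides: a sensor wraps the length check, records an event with the field name and reason, and the store applies a sliding-window threshold to decide when events become an attack that warrants an automated response.

```python
"""Minimal AppSensor-style detection point with threshold-based response.

Constructed example for this page. Class and function names, the
"LENGTH-EXCEEDED" label and the "lock_account" response are assumptions,
not identifiers from the AppSensor project or ASIDE.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SensorEvent:
    """One observation from a detection point, with the context ASIDE records."""
    user: str         # who triggered it
    field: str        # context: which input field (e.g. "username")
    label: str        # constructed detection-point label, not an AppSensor ID
    reason: str       # why it fired (e.g. "length 100 exceeds max 32")
    timestamp: float  # seconds; passed in explicitly so runs are deterministic


class EventStore:
    """Keeps a per-user sliding window of events and triggers a response
    when the count inside the window reaches the configured threshold."""

    def __init__(self, threshold: int, window_seconds: float) -> None:
        self.threshold = threshold
        self.window = window_seconds
        self._events: Dict[str, Deque[SensorEvent]] = defaultdict(deque)
        self.responses: List[Tuple[str, str]] = []  # (action, user) taken so far

    def add(self, event: SensorEvent) -> bool:
        """Record an event; return True if it escalated into an attack response."""
        window = self._events[event.user]
        window.append(event)
        # Expire events older than the window before counting.
        while window and event.timestamp - window[0].timestamp > self.window:
            window.popleft()
        if len(window) >= self.threshold:
            # Automated response chosen for the example: lock the account.
            self.responses.append(("lock_account", event.user))
            window.clear()  # reset so one burst produces one response
            return True
        return False


class InputLengthSensor:
    """Detection point wrapping a maximum-length check on a single field."""

    def __init__(self, store: EventStore, field_name: str, max_len: int) -> None:
        self.store = store
        self.field_name = field_name
        self.max_len = max_len

    def check(self, user: str, value: str, now: float) -> bool:
        """Validate `value`; on violation emit an event and return False."""
        if len(value) <= self.max_len:
            return True
        self.store.add(SensorEvent(
            user=user,
            field=self.field_name,
            label="LENGTH-EXCEEDED",  # constructed label for the example
            reason=f"length {len(value)} exceeds max {self.max_len}",
            timestamp=now,
        ))
        return False


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: one user submits three oversized usernames
    within a minute; the third one crosses the threshold."""
    store = EventStore(threshold=3, window_seconds=60.0)
    sensor = InputLengthSensor(store, field_name="username", max_len=32)
    for t in (1.0, 2.0, 3.0):
        sensor.check("alice", "a" * 100, now=t)
    return store.responses


if __name__ == "__main__":
    print(demo())
```

The window check is what separates "a user made a typo" from "a user is probing the field": events that fall outside the window are expired before counting, so two violations an hour apart never trigger the response. Clearing the window after a response keeps one burst from firing repeatedly, which matters if the response is something a user notices, such as a lockout.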
39. OWASP ASIDE
• eclipse IDE
• reminder icon or highlight
• drop down list of applicable sensors
• auto-insertion of ASIDE sensor APIs and code refactoring
51. future
• better story for adding detection points
• more (canned) analysis (exploring machine learning, expert systems)
• more integrations
• standard refactoring / maintenance
52. you
• help wanted!
• plenty of places to contribute and improve
• friendly, helpful community
• https://github.com/jtmelton/appsensor/issues
• https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Road_Map_and_Getting_Involved