Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP AppSensor Michael Coates AppSensor Aspect Security

Published byCarsten Vogel Modified over 5 years ago

Similar presentations

Presentation on theme: "OWASP AppSensor Michael Coates AppSensor Aspect Security"— Presentation transcript:

1 OWASP AppSensor Michael Coates AppSensor Aspect Security
Nov 5, 2008

2 AppSensor – Summer of Code 2008 Beta Quality Release Reviewers:
Introduction AppSensor – Summer of Code 2008 Beta Quality Release Reviewers: Eric Sheridan Randy Janinda 42 Detection Points 42 Pages

3 Applications Today

4 Introduce AppSensor

5 Why? Logging Passive Too Late WAF Generic No Business Context

6 Detection

7 Trend Detection

8 Respond per Established Policy
Response Eliminate Threat Respond per Established Policy 3 Suspicious Events = 1 Security Event 1 Attack Event = 1 Security Event User events totals cleared on rolling 24 hrs basis Suspicious Event: Username contains ‘; could just be a typo as the user was trying to hit enter Attack Event: URL submitted with parameter containing 1=1—’

9 Detection Integrated into Code
Implementation Detection Integrated into Code Aspect (Filters), Code Level Exception ESAPI Response Access to User Object

10 Download AppSensor Beta Contact Me
Future Plans ESAPI Swing Set Demo Open Source Case Study Handling Scanners “On the web” Download AppSensor Beta Contact Me

Download ppt "OWASP AppSensor Michael Coates AppSensor Aspect Security"

Similar presentations

The Enterprise Business Center. #2 CyberSource Enterprise Business Center your payment processing dashboard ******** Log out security feature All tools.

The Enterprise Business Center. #2 CyberSource Enterprise Business Center your payment processing dashboard ******** Log out security feature All tools.
P u t y o u r h e a d o n m y s h o u l d e r.

P u t y o u r h e a d o n m y s h o u l d e r.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.

OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.
Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.

Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
10 Steps To Agile Development Without Compromising Enterprise Security

10 Steps To Agile Development Without Compromising Enterprise Security
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Introducing Visual Studio ® LightSwitch™ Andrew Coates Microsoft DEV201 #auteched #dev201.

Introducing Visual Studio ® LightSwitch™ Andrew Coates Microsoft DEV201 #auteched #dev201.
Attack Detection and Prevention with OWASP AppSensor Colin Watson Watson Hall Ltd watsonhall.com.

Attack Detection and Prevention with OWASP AppSensor Colin Watson Watson Hall Ltd watsonhall.com.
JSProxy: Safety from Javascript Benjamin Prosnitz, Tang Yi, Yinzhi Cao.

JSProxy: Safety from Javascript Benjamin Prosnitz, Tang Yi, Yinzhi Cao.
A Data-Centric Web Application Security Framework Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans University of Virginia.

A Data-Centric Web Application Security Framework Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans University of Virginia.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
CSC-682 Advanced Computer Security Analyzing Websites for User-Visible Security Design Flaws Pompi Rotaru Based on an article by : Laura Falk, Atul Prakash,

CSC-682 Advanced Computer Security Analyzing Websites for User-Visible Security Design Flaws Pompi Rotaru Based on an article by : Laura Falk, Atul Prakash,
2015 – 2016 Training SAFE SCHOOLS. Your user name is your LESA email address. FIRST, YOU WILL RECEIVE AN EMAIL.

2015 – 2016 Training SAFE SCHOOLS. Your user name is your LESA address. FIRST, YOU WILL RECEIVE AN .
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
WCMS Updates January 18, 2012. Current version UW Base Profile 1.2 released in early December Highlights –Thumbnails for news and events –Improved promotional.

WCMS Updates January 18, Current version UW Base Profile 1.2 released in early December Highlights –Thumbnails for news and events –Improved promotional.

Similar presentations

Ads by Google