HackDig : Dig high-quality web security articles for hacker

OWASP AppSensor Code v2.0.0 Final Release

2015-01-30 16:15

I was extremely pleased to read yesterday that the final version of the new AppSensor reference implementation has been published following three previous release candidates.

Screen capture from the AppSensor microsite developed by John Melton for the OWASP AppSensor Project

The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response.

John Melton with the help of other code contributors and feedback from the project's code development mailing list have finished a complete overhaul of the previous code. In the words of the version 2.0.0 announcement, the most significant changes are:

  • Client-server architecture supporting multiple communication modes including: REST, SOAP, Thrift, local (shared JVM, java-only)
  • Any language can be used on the client application. The only requirement is that the language selected must support the communication protocol of the execution mode that is configured (i.e. if using REST as the execution mode, the language must be capable of making HTTP requests.) The server-side components are Java, but this places no restriction on the client applications themselves
  • There is no longer a hard dependency on [OWASP] ESAPI. AppSensor is a standalone project, though it can be integrated with projects that also use ESAPI if desired
  • The core components of the system have been renamed and now follow the AppSensor v2 book naming conventions, which is based on standard IDS terminology for clarity
  • Basic user correlation is supported so that client applications that share a user base (SSO) can share attack detection/response information.

John also created a special AppSensor microsite.

This is all free to use (see code licence). Begin using the new code with the getting started information.


Source: esaeleR-laniF-002v-edoC-rosneSppA-PSAWO/03/1/5102/ku.rellewdnekrelc.www

Read:2951 | Comments:0 | Tags:logging automation ids technical threats operation developme

“OWASP AppSensor Code v2.0.0 Final Release”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud