Monday, May 30, 2011

AppSensor - Intrusion Detection

Imagine that you have created a nice web application and secured it to your best. Users came, used it and everything was OK until someone stumbled upon vulnerability in your application and used it. Of course, you analyzed logs and found that the bad guy was looking for the vulnerability for weeks until he found one.

Creators of AppSensor intrusion detection framework believe that the above situation should not happen. The application should not just lie there and let itself beat with SQL injections, XSS attacks and whatever else. It should take active measures to protect itself. As the average attacker has to make several attempts to find the vulnerability in the application, it should by possible to detect hacking attempts.

AppSensor - Integration with Shiro

AppSensor is intrusion detection framework described in an another post. Out of the box version assumes that underlying application supports ESAPI interfaces. In this post, we will take an application secured by Shiro framework which does not support ESAPI and integrate it with AppSensor.

This post is only about integration. It does not show how to add AppSensor to the application, nor what it is, nor how to use it. All that can be found in AppSensor - Intrusion Detection post.