[keycloak-dev] OWASP App Sensor for Keycloak?

Thomas Darimont thomas.darimont at googlemail.com
Sat Sep 10 19:44:33 EDT 2016

Hello group,

Just saw an interesting talk from Java Zone 2016 about
OWASP AppSensor which is a set of libraries that provide application level
intrusion detection.

The speaker (Dominik Schadow, author of the German book Java Web Security)
said that having application level intrusion detection has the advantage of
taking application context into account when assessing a user action,
compared to a web application firewall that simply scans for "known" attack
patterns.

I think this could be interesting for some public facing parts of Keycloak
(login, account, password-reset, consent, admin-console, REST endpoints).

AppSensor comes with a wide variety of predefined DetectionPoints.
These detection points can be used to identify a malicious user that is
probing for vulnerabilities or weaknesses:

This could be embedded into the Keycloak Event System by emitting events
that could then be analyzed by an EventListener which then performs
appropriate actions, e.g. logging a user out, locking a user or blocking
the account or even the IP address for a while.



Talk: The Web Application Strikes Back

Example application: duke-encounters
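The wiring described above, as an added example that is not code from the post nor from the Keycloak or AppSensor projects: a Keycloak EventListenerProvider acting as one AppSensor-style detection point (repeated LOGIN_ERROR events from a single IP within a short window) that responds by locking the targeted account. The listener class, the threshold policy and the in-memory counter are assumptions; it also assumes the Keycloak 2.x SPI signatures (getUserById(id, realm)) and is registered the usual way through an EventListenerProviderFactory plus a META-INF/services entry, which are not shown.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.jboss.logging.Logger;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/** Hypothetical listener wiring one AppSensor-style detection point into Keycloak events. */
public class LoginProbeListener implements EventListenerProvider {
    private static final Logger LOG = Logger.getLogger(LoginProbeListener.class);
    // Assumed policy: more than MAX_FAILURES LOGIN_ERROR events from one IP within WINDOW_MS.
    static final int MAX_FAILURES = 5;
    static final long WINDOW_MS = 60_000L;
    // Per-node in-memory state {windowStart, count} keyed by IP (assumption; a cluster needs shared storage).
    private static final Map<String, long[]> FAILURES = new ConcurrentHashMap<>();
    private final KeycloakSession session;

    public LoginProbeListener(KeycloakSession session) { this.session = session; }

    /** Detection point: returns true when this failure pushes the source IP over the threshold. */
    static boolean recordFailure(String ip, long now) {
        long[] state = FAILURES.compute(ip, (k, s) -> {
            if (s == null || now - s[0] > WINDOW_MS) return new long[] { now, 1 };
            s[1]++;
            return s;
        });
        return state[1] > MAX_FAILURES;
    }

    @Override
    public void onEvent(Event event) {
        if (event.getType() != EventType.LOGIN_ERROR || event.getIpAddress() == null) return;
        if (!recordFailure(event.getIpAddress(), event.getTime())) return;
        LOG.warnf("Login probing suspected: >%d failures from %s within %ds (error=%s, realm=%s)",
                MAX_FAILURES, event.getIpAddress(), WINDOW_MS / 1000, event.getError(), event.getRealmId());
        // Response (one of those the post lists): lock the targeted account if it resolved to a user.
        // A lockout triggered by unauthenticated traffic can itself be abused to lock users out,
        // so pair it with the realm's brute-force settings or choose a softer response.
        if (event.getUserId() == null) return;
        RealmModel realm = session.realms().getRealm(event.getRealmId());
        UserModel user = session.users().getUserById(event.getUserId(), realm);
        if (user != null && user.isEnabled()) {
            user.setEnabled(false);
            LOG.warnf("Disabled user %s after repeated login failures", user.getUsername());
        }
    }

    @Override public void onEvent(AdminEvent event, boolean includeRepresentation) { /* admin events ignored here */ }
    @Override public void close() { }
}
```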
