[keycloak-dev] OWASP App Sensor for Keycloak?
Stian Thorgersen
sthorger at redhat.com
Tue Sep 13 07:52:49 EDT 2016
Looks quite interesting. Not sure the event system is the correct place as
it's really read-only so couldn't impact the login itself. Maybe an
authenticator would be a better place to implement it.
It could also be combined with having a risk level associated on users that
can then be viewed in the admin console (from the MS vid you shared the
other day).
On 11 September 2016 at 01:44, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:
> Hello group,
>
> Just saw an interesting talk from Java Zone 2016 about
> OWASP AppSensor which is a set of libraries that provide application level
> intrusion detection.
>
> The speaker (Dominik Schadow author of the german Book Java Web Security)
> mentions
> that having application level intrusion detection has the advantage of
> taking application
> context into account when assessing a user action compared to a web
> application firewall that simply scans for "known" attack patterns.
>
> I think this could be interesting for some public facing parts of Keycloak
> (login, account, password-reset, consent, admin-console, REST endpoints
> etc.)
>
> AppSensor comes with a wide variety of predefined DetectionPoints.
> These detection points can be used to identify a malicious user that is
> probing for vulnerabilities or weaknesses:
> https://www.owasp.org/index.php/AppSensor_DetectionPoints
>
> This could be embedded into the Keycloak Event System by emitting
> "IDS-Events"
> that could then be analyzed by an EventListener which then performs
> appropriate actions,
> e.g. logging a user out, lock a user or block the account or even IP
> address for a while.
>
> https://www.owasp.org/index.php/OWASP_AppSensor_Project
>
> http://www.appsensor.org/
>
> Talk: The Web Application Strikes Back
> https://2016.javazone.no/program/the-web-application-strikes-back
>
> Example application: duke-encounters
> https://github.com/dschadow/ApplicationIntrusionDetection
>
> Cheers,
> Thomas
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160913/53f3a1da/attachment-0001.html
More information about the keycloak-dev
mailing list