[keycloak-dev] OWASP App Sensor for Keycloak?
sthorger at redhat.com
Tue Sep 13 08:00:52 EDT 2016
On 13 September 2016 at 13:52, Stian Thorgersen <sthorger at redhat.com> wrote:
> Looks quite interesting. Not sure the event system is the correct place as
> it's really read-only so couldn't impact the login itself. Maybe an
> authenticator would be a better place to implement it.
> It could also be combined with having a risk level associated on users
> that can then be viewed in the admin console (from the MS vid you shared
> the other day).
> On 11 September 2016 at 01:44, Thomas Darimont <thomas.darimont at googlemail.com> wrote:
>> Hello group,
>> Just saw an interesting talk from Java Zone 2016 about
>> OWASP AppSensor which is a set of libraries that provide application
>> level intrusion detection.
>> The speaker (Dominik Schadow, author of the German book Java Web Security)
>> said that having application level intrusion detection has the advantage of
>> taking application context into account when assessing a user action,
>> compared to a web application firewall that simply scans for "known"
>> attack patterns.
>> I think this could be interesting for some public facing parts of Keycloak
>> (login, account, password-reset, consent, admin-console, REST endpoints).
>> AppSensor comes with a wide variety of predefined DetectionPoints.
>> These detection points can be used to identify a malicious user that is
>> probing for vulnerabilities or weaknesses:
>> This could be embedded into the Keycloak Event System by emitting events
>> that could then be analyzed by an EventListener which then performs
>> appropriate actions, e.g. logging a user out, locking a user or blocking
>> the account or even the IP address for a while.
>> Talk: The Web Application Strikes Back
>> Example application: duke-encounters
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
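A sketch of the EventListener idea discussed in the thread, added here as an example; it is not code from the thread or from the Keycloak project. It assumes Keycloak's EventListenerProvider SPI, a constructed threshold of 5, and in-memory counters; it also shows the limitation Stian points out, since a listener can only record and flag, not stop the login that triggered it.

```java
// Added example, not part of the mailing-list thread or of Keycloak itself.
package example.appsensor;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;

/**
 * One "detection point" in the AppSensor sense: count LOGIN_ERROR events per
 * source IP and mark the IP as risky once a threshold is crossed. The event
 * SPI is observe-only, so this can feed a risk level or alert but cannot
 * block the in-flight login; that would need an authenticator.
 */
public class LoginProbeListener implements EventListenerProvider {

    private static final int THRESHOLD = 5; // constructed value, tune per deployment
    // Shared across listener instances. A real deployment would need expiry
    // and cluster-aware storage instead of process-local maps.
    private static final Map<String, AtomicInteger> FAILURES = new ConcurrentHashMap<>();
    private static final Map<String, Boolean> FLAGGED = new ConcurrentHashMap<>();

    @Override
    public void onEvent(Event event) {
        String ip = event.getIpAddress();
        if (ip == null) {
            return; // nothing to key on
        }
        if (event.getType() == EventType.LOGIN_ERROR) {
            int n = FAILURES.computeIfAbsent(ip, k -> new AtomicInteger()).incrementAndGet();
            if (n >= THRESHOLD) {
                FLAGGED.put(ip, Boolean.TRUE); // hypothetical risk marker for the admin console
            }
        } else if (event.getType() == EventType.LOGIN) {
            FAILURES.remove(ip); // a successful login resets the failure counter
        }
    }

    /** Query hook a risk view or a separate authenticator could consult. */
    public static boolean isFlagged(String ip) {
        return FLAGGED.containsKey(ip);
    }

    @Override
    public void onEvent(AdminEvent event, boolean includeRepresentation) { }

    @Override
    public void close() { }
}
```

Registering the listener still requires an EventListenerProviderFactory and a META-INF/services entry, which are left out here.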