[keycloak-dev] OWASP App Sensor for Keycloak?

Stian Thorgersen sthorger at redhat.com
Tue Sep 13 08:00:52 EDT 2016


Added https://issues.jboss.org/browse/KEYCLOAK-3569

On 13 September 2016 at 13:52, Stian Thorgersen <sthorger at redhat.com> wrote:

> Looks quite interesting. Not sure the event system is the correct place as
> it's really read-only so couldn't impact the login itself. Maybe an
> authenticator would be a better place to implement it.
>
> It could also be combined with having a risk level associated on users
> that can then be viewed in the admin console (from the MS vid you shared
> the other day).
>
> On 11 September 2016 at 01:44, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> Hello group,
>>
>> Just saw an interesting talk from Java Zone 2016 about
>> OWASP AppSensor which is a set of libraries that provide application
>> level intrusion detection.
>>
>> The speaker (Dominik Schadow author of the german Book Java Web Security)
>> mentions
>> that having application level intrusion detection has the advantage of
>> taking application
>> context into account when assessing a user action compared to a web
>> application firewall that simply scans for "known" attack patterns.
>>
>> I think this could be interesting for some public facing parts of
>> Keycloak
>> (login, account, password-reset, consent, admin-console, REST endpoints
>> etc.)
>>
>> AppSensor comes with a wide variety of predefined DetectionPoints.
>> These detection points can be used to identify a malicious user that is
>> probing for vulnerabilities or weaknesses:
>> https://www.owasp.org/index.php/AppSensor_DetectionPoints
>>
>> This could be embedded into the Keycloak Event System by emitting
>> "IDS-Events"
>> that could then be analyzed by an EventListener which then performs
>> appropriate actions,
>> e.g. logging a user out, lock a user or block the account or even IP
>> address for a while.
>>
>> https://www.owasp.org/index.php/OWASP_AppSensor_Project
>>
>> http://www.appsensor.org/
>>
>> Talk: The Web Application Strikes Back
>> https://2016.javazone.no/program/the-web-application-strikes-back
>>
>> Example application: duke-encounters
>> https://github.com/dschadow/ApplicationIntrusionDetection
>>
>> Cheers,
>> Thomas
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160913/99859337/attachment.html 


More information about the keycloak-dev mailing list