AppSensor: Attack-aware applications compared against a web application firewall and an intrusion detection system

Abstract

The thesis takes a look at the OWASP AppSensor project. The OWASP AppSensor project is about the idea of detecting attacks inside the applicaiton. The thesis compares OWASP AppSensor against both a web application firewall and an intrusion detection system. The comparison is based both on a short litterature study and an experiment performed. The experiment was a set of attacks based on OWASP top ten list which were executed against a simple bank web application. In the experiment the intrusion detection systems, web application firewall and the AppSensor detection points inside the application was tested to see which attacks they where able to detect. The results were quite satisfying for both the web application firewall and AppSensor meanin that they detected many attacks but AppSensors detection was slightly better.