AppSensor ResponseActions

=About This Document=

These response actions are part of the OWASP AppSensor project, which advocates bringing intelligent intrusion detection inside the application. These responses can be used to counter a malicious user that has been detected probing for vulnerabilities or weaknesses within your application.

=Overview=

The following table lists possible AppSensor Responses (ASRs), other than no response (ASR-P). The application response actions are categorized here from the user's perspective (not from the application/server's perspective):


 * Silent: User(s) unaware of any application change
 * Passive: Process altered, but user(s) may still continue to process completion
 * Active: Functionality reduced or disabled
 * Intrusive: Non-malicious action on user's system

''To add a response action, just use the next available letter (e.g. "ASR-Q") - they don't have to be in alphabetical order below, but place it in the appropriate category (silent, passive, active or intrusive). The image in the table below can be updated later to keep in step with the page content.''



A text version of the table, with some examples and alternative classifications, is described in (63 KB PDF). The information on the page below is likely to be more up-to-date.

=Detailed Listing=

Classifications are:


 * Purposes: Logging, Notifying, Disrupting and Blocking
 * Target: One, Some or All users
 * Response duration: Instantaneous (e.g. just for the request), Period (e.g. time period or session duration), Permanent
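
The sketch below is an added example, not code from the AppSensor project. It shows how the target and response duration classifications determine which applied responses bind a particular request. The class names, response labels, user names, request ids and timestamps are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

Target = Enum("Target", "ONE SOME ALL")

class Duration(Enum):
    INSTANTANEOUS = "instantaneous"   # just for the triggering request
    PERIOD = "period"                 # until a time limit passes
    PERMANENT = "permanent"           # until an administrator removes it

@dataclass(frozen=True)
class Response:
    name: str                       # hypothetical label, not an ASR identifier
    purpose: str                    # Logging, Notifying, Disrupting or Blocking
    target: Target
    duration: Duration
    users: frozenset = frozenset()  # affected users when target is ONE or SOME
    request_id: str = ""            # triggering request when INSTANTANEOUS
    expires_at: float = 0.0         # epoch seconds when PERIOD

class ResponseRegistry:
    """Holds applied responses and answers which ones bind a given request."""
    def __init__(self):
        self._applied = []

    def apply(self, response):
        self._applied.append(response)

    def in_force(self, user, request_id, now):
        hits = []
        for r in self._applied:
            if r.target is not Target.ALL and user not in r.users:
                continue   # scoped to other users
            if r.duration is Duration.INSTANTANEOUS and r.request_id != request_id:
                continue   # only the request that triggered it
            if r.duration is Duration.PERIOD and now >= r.expires_at:
                continue   # period has lapsed
            hits.append(r.name)
        return hits

def demo():
    # Constructed sample data: user names, request ids and times are made up.
    reg = ResponseRegistry()
    reg.apply(Response("extra-logging", "Logging", Target.ONE, Duration.PERIOD,
                       frozenset({"mallory"}), expires_at=1000.0))
    reg.apply(Response("reject-request", "Blocking", Target.ONE,
                       Duration.INSTANTANEOUS, frozenset({"mallory"}), request_id="req-7"))
    reg.apply(Response("export-disabled", "Blocking", Target.ALL, Duration.PERMANENT))
    return reg
```

A request handler would call `in_force(user, request_id, now)` before processing and act on the returned labels; a Permanent response stays in the list until it is explicitly removed.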