Fork me on GitHub


Real-time event detection, analysis and response


The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response.

(The documentation is under a Creative Commons Attribution-ShareAlike 3.0 open-source license.)

Current Version: 2.0.1

Learn more »

In addition, the project also provides a reference implementation that allows developers to use these powerful concepts in existing applications.

(The tool is under an MIT open-source license.)

Current Versions: 2.3.0 (SNAPSHOT) and 2.3.0 (release)

Get Started »

Attacks are constant ... And they're not stopping.

The attacks against applications are growing in both volume and complexity. At the same time, we are deploying more complex applications at a faster rate than ever before. The result is that finding a successful attack against an application is almost always possible, and usually doesn't take that long.

You've implemented defenses ... But is it enough?

Development and security teams have spent a lot of time implementing defenses against a wide array of attacks. Some of these are very effective and others are not. The controls that have been implemented in applications already provide value, but with some minor modifications, they can do even more.

You don't actually know what's happening ... Because you can't see it.

This is a key realization. If you ask most developers and support teams, there is a shocking lack of visibility when it comes to security inside an application at runtime. There are good solutions for visibility into issues like performance, user analytics, and revenue generation. However, security doesn't have great visibility, yet ...

It sounds rough ... But there is hope.

The AppSensor project is designed to address these issues directly. We have provided a methodology and prescriptive guidance on how to deal with this unique set of problems. By leveraging existing controls (with slight modifications), and implementing new controls as needed, you can gain much better insight into the security posture of your application.

You can go beyond detection ... To response.

In addition to actually seeing what's going on inside your application, you can now define allowable behavior. If activity falls outside the acceptable profile, then the application can automatically respond. This makes your application self-defending. That is a very desirable capability if you're building serious applications.