Custom detection points are not looked up for possible responses

Question

Custom detection points are not looked up for possible responses

Opened this issue a year ago · 1 comments

org.owasp.appsensor.analysis.ReferenceAttackAnalysisEngine's method findPossibleResponses doesn't look up also custom detection points for possible responses.
Is this an intended behaviour or it is a bug?

I have almost ported the code to Javascript.
In one of my tests, I configured custom detection poin and generate events of it.
org.owasp.appsensor.analysis.ReferenceEventAnalysisEngine in analyze method takes advantage of org.owasp.appsensor.core.configuration.server.ServerConfiguration's findDetectionPoints method which looks up custom detection poins as well.
When an attack of this detection point is analyzed by org.owasp.appsensor.analysis.ReferenceAttackAnalysisEngine, it doesn't
find possible response and corresponding generated response's action is empty.

Thank you very much for your great code.

Kind regards,
Spas Iliev

Answer 1 · 2023-06-27T08:06:14.000Z

Hello,

I see #35 and the reason behind to override some aspects of detection points.
I used to think of client/custom detection points as an extension (e.g. Z01) to the points described in the reference of AppSensor Guide v. 2.0.

I think in both cases the question still stands: Why not to override the response as well?

Kind regards,
Spas Iliev