I'm trying to build IDS(Intrusion detection system) for web app on Tomcat.
It needs to detect XSS, SQL injection, parameter tampering and slow HTTP.
For now, I have Filter that detects XSS and SQL injection. Now I need to do that as well for other two attacks.
The problem is, I don't have idea how to detect slow HTTP in Filter (not sure if it's possible).
Also, I'm not sure how to detect parameter tampering. I suppose I could make one application vulnerable in certain way on purpose, and then write filter to see that pattern.
But if I'm to make my Filter more generic in order to use it with other web apps, how can I detect parameter tampering in general?
I suggest you to have a look at OWASP AppSensor Project. It seems to respond to your needs