[Owasp-appsensor-project] AppSensor- a few ideas

Colin Watson colin.watson at owasp.org
Fri Sep 18 11:40:12 EDT 2009


Gaurav and Michael

I like these ideas of using data from other sources.  But there might
also be other non-application data, closer to home, that could be
useful too.

How about:

a) web server logs (IPs that have raised error status codes, e.g. many 404s)
b) WAF anomaly scoring (e.g. a WAF in detect-only mode, passing on its
rating of the request [or response?] to the application)
c) syslogs?

Could it also be useful to think about segmenting an application so
that scoring/thresholds are set based on the risk and business
requirements?  An organisation might always want to allow a customer
response form to submit (maybe!), but might be less worried about
logging a user out if they were posting comments to a forum on the
site. The scoring/thresholds could also be adjusted based on the
location of the user: internal, remote office, trusted partner, guest,
unauthenticated, etc.

Regards

Colin
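An added example, not from Colin's post or the AppSensor project itself: a small scorer that takes idea (a), counting 404s per client IP from web server access logs, and applies the per-segment thresholds and per-location weighting suggested above. The log lines, segments, thresholds and weights are all constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format lines, constructed for this example (RFC 5737 test addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Sep/2009:11:40:12 -0400] "GET /forum/old1 HTTP/1.1" 404 512
203.0.113.5 - - [18/Sep/2009:11:40:13 -0400] "GET /forum/old2 HTTP/1.1" 404 512
203.0.113.5 - - [18/Sep/2009:11:40:14 -0400] "GET /forum/admin HTTP/1.1" 404 512
198.51.100.9 - - [18/Sep/2009:11:40:16 -0400] "GET /contact/a HTTP/1.1" 404 512
198.51.100.9 - - [18/Sep/2009:11:40:17 -0400] "GET /contact/b HTTP/1.1" 404 512
198.51.100.9 - - [18/Sep/2009:11:40:18 -0400] "GET /contact/c HTTP/1.1" 404 512
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Hypothetical application segments: path prefix, name, 404 threshold, response.
# The customer response form gets far more slack than the forum.
SEGMENTS = [("/contact", "customer_form", 10, "log_only"),
            ("/forum", "forum", 3, "logout")]
# Hypothetical weight per user location: errors from less-trusted sources count more.
LOCATION_WEIGHT = {"internal": 0.5, "trusted_partner": 0.75,
                   "guest": 1.0, "unauthenticated": 1.5}

def segment_for(path):
    for prefix, name, threshold, response in SEGMENTS:
        if path.startswith(prefix):
            return name, threshold, response
    return "default", 5, "log_only"

def score_log(log_text, location_of_ip):
    """Weighted 404 score per (ip, segment), plus the responses that fire."""
    scores, limits = defaultdict(float), {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None or int(m.group(3)) != 404:
            continue  # only the "many 404s" signal is scored here
        ip, path = m.group(1), m.group(2)
        name, threshold, response = segment_for(path)
        location = location_of_ip.get(ip, "unauthenticated")
        scores[(ip, name)] += LOCATION_WEIGHT[location]
        limits[name] = (threshold, response)
    responses = {}
    for (ip, name), score in scores.items():
        threshold, response = limits[name]
        if score >= threshold:
            responses[(ip, name)] = response
    return dict(scores), responses

if __name__ == "__main__":
    print(score_log(SAMPLE_LOG, {"203.0.113.5": "unauthenticated",
                                 "198.51.100.9": "trusted_partner"}))
```

The same three 404s from an unauthenticated client trip the forum's logout response, while a trusted partner's three 404s on the customer form stay well under its threshold.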
