[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:18:27 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST 2009
https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000007.html

Description
-----------------------------------
The application receives HTTP header or body parameter (argument?)
values which have been tampered with when no change should have
occurred (e.g. modification of hidden fields, alteration of select
list values).

Suggested categorization
-----------------------------------
IE4 Violation of Input Data Integrity

*** Is this different enough to ACE1 and ACE2 - it is more general
than direct object access ? ***
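
One way to detect the tampering described above, shown as an added example that is not part of the original post and is not AppSensor project code: the server seals the values the client must not change with an HMAC tied to the session, and checks select values against the options it rendered. The `_seal` field name, the event dictionary shape, the key and the sample form are assumptions; `IE4` is the identifier proposed in the post.

```python
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # constructed; load a real per-application secret

def seal(session_id, fixed_fields):
    """HMAC tag binding the values the client must not change to one session."""
    canonical = json.dumps([session_id, sorted(fixed_fields.items())])
    return hmac.new(SECRET_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def check_submission(session_id, submitted, fixed_names, select_options):
    """Return detection events (hypothetical dict shape) for one submitted form."""
    events = []
    # Recompute the tag over what came back; a missing field becomes None and fails too.
    returned = {name: submitted.get(name) for name in fixed_names}
    expected = seal(session_id, returned)
    supplied = str(submitted.get("_seal", ""))
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        events.append({"detection_point": "IE4", "session": session_id,
                       "fields": sorted(fixed_names),
                       "reason": "sealed hidden field value changed"})
    # A select list can only legitimately return an option the server rendered.
    for name, allowed in sorted(select_options.items()):
        if submitted.get(name) not in allowed:
            events.append({"detection_point": "IE4", "session": session_id,
                           "fields": [name],
                           "reason": "select value not among rendered options"})
    return events

def demo():
    """Constructed sample: one honest post and two altered ones."""
    fixed = {"item_id": "1001", "price": "19.99"}
    opts = {"shipping": {"standard", "express"}}
    honest = dict(fixed, qty="2", shipping="standard", _seal=seal("sess-A", fixed))
    return [check_submission("sess-A", form, list(fixed), opts)
            for form in (honest, dict(honest, price="0.01"), dict(honest, shipping="free"))]

if __name__ == "__main__":
    for events in demo():
        print(events)
```

Because the session identifier is part of the sealed data, a seal copied from another session's form also raises the event.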

