[Owasp-appsensor-project] Additional Detection Points - Utilization of Common User Names

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:19:57 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST 2009
https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000007.html

Description
-----------------------------------
Common dictionary user names (e.g. "administrator", "admin" or "test")
are used to attempt to log into the application.  This may enhance the
seriousness of AE1 Use of Multiple Usernames.

Suggested categorization
-----------------------------------
AE12 Utilization of Common User Names

*** Or could just be an instance of proposed IE3 Violation of
Implemented Black Lists ? ***
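
The detection point proposed in this message, sketched as an added example that is not part of the original post or AppSensor's own code: a failed login with a common user name raises the suggested AE12, and an AE1 from the same source is then reported at a higher severity. The threshold, severity labels, function names and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed starter list; the post names only "administrator", "admin" and "test".
COMMON_USER_NAMES = {"administrator", "admin", "test"}
AE1_THRESHOLD = 3  # assumed: distinct usernames per source before AE1 fires

# Constructed sample: (source address, submitted username, login succeeded)
SAMPLE_ATTEMPTS = [
    ("198.51.100.7", "Admin", False),
    ("198.51.100.7", "test", False),
    ("198.51.100.7", "administrator ", False),
    ("203.0.113.9", "jsmith", False),
    ("203.0.113.9", "jsmiht", False),
    ("203.0.113.9", "j.smith", False),
    ("203.0.113.20", "admin", True),  # legitimate login, must not fire
]


def normalize(username):
    """Fold case and surrounding whitespace so 'Admin ' matches 'admin'."""
    return username.strip().casefold()


def detect(attempts, common=COMMON_USER_NAMES, threshold=AE1_THRESHOLD):
    """Return detection events for failed logins. AE12 fires once per source
    per common name; AE1 fires once per source, 'high' if AE12 preceded it."""
    names_by_source = defaultdict(set)
    common_by_source = defaultdict(set)
    ae1_fired = set()
    events = []
    for source, username, success in attempts:
        if success:
            continue  # assumption: only failed attempts are counted
        name = normalize(username)
        names_by_source[source].add(name)
        if name in common and name not in common_by_source[source]:
            common_by_source[source].add(name)
            events.append({"id": "AE12", "source": source, "username": name})
        if source not in ae1_fired and len(names_by_source[source]) >= threshold:
            ae1_fired.add(source)
            severity = "high" if common_by_source[source] else "normal"
            events.append({"id": "AE1", "source": source, "severity": severity,
                           "distinct_usernames": len(names_by_source[source])})
    return events


if __name__ == "__main__":
    for event in detect(SAMPLE_ATTEMPTS):
        print(event)
```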

