[Owasp-appsensor-project] Additional Detection Points - Suspicious External User Behavior

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:29:16 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 13:32:39 EST 2009
https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000008.html

Description
-----------------------------------
External (to the application) devices and systems (e.g. host and
network IDS, file integrity monitoring, disk usage monitoring,
anti-malware service, IPS, network firewall, web application firewall,
web server logging, XML gateway, database firewall, SIEM) have
detected anomalous behavior by the user (e.g. session or IP address).

Suggested categorization
-----------------------------------
In the suggested new category "Reputation" (see RP1 Suspicious User IP Address)
RP2 Suspicious External User Behavior
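
Added example, not part of the original message and not AppSensor project code: one way an application could turn alerts from the external systems listed in the description into RP2 events by matching them to a user by session or IP address. The `ExternalAlert` and `DetectionEvent` types, the `correlate` function and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

RP2 = "RP2"  # id proposed in the message above

@dataclass(frozen=True)
class ExternalAlert:          # hypothetical normalized alert, not an AppSensor type
    source: str               # reporting system, e.g. "waf", "network-ids"
    client_ip: str
    session_id: Optional[str]
    detail: str

@dataclass(frozen=True)
class DetectionEvent:         # hypothetical event record
    detection_point: str
    user: str
    matched_on: str           # "session" (strong) or "ip" (weak: NAT/proxy sharing)
    source: str
    detail: str

def correlate(alerts, sessions):
    """Map external alerts to application users.

    sessions: {session_id: (user, client_ip)} for currently active sessions.
    A session match wins over an IP match; an IP shared by several users
    yields one event per user, flagged "ip" so the consumer can weight it lower.
    """
    users_by_ip = {}
    for user, ip in sessions.values():
        users_by_ip.setdefault(ip, set()).add(user)
    events = []
    for a in alerts:
        if a.session_id in sessions:
            matches = [(sessions[a.session_id][0], "session")]
        else:
            matches = [(u, "ip") for u in sorted(users_by_ip.get(a.client_ip, ()))]
        for user, how in matches:  # no match: alert is not attributable to a user
            events.append(DetectionEvent(RP2, user, how, a.source, a.detail))
    return events

# Constructed sample data (documentation address ranges, made-up session ids).
SESSIONS = {"s-100": ("alice", "203.0.113.10"),
            "s-101": ("bob", "198.51.100.7"),
            "s-102": ("carol", "198.51.100.7")}
ALERTS = [ExternalAlert("waf", "203.0.113.10", "s-100", "blocked request"),
          ExternalAlert("network-ids", "198.51.100.7", None, "port scan"),
          ExternalAlert("database-firewall", "192.0.2.55", None, "denied query")]

if __name__ == "__main__":
    for e in correlate(ALERTS, SESSIONS):
        print(e)
```

An IP-only match is recorded separately from a session match because several users can sit behind one address, so a consumer of these events would normally give it less weight.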

