[Owasp-appsensor-project] Additional Detection Points - Suspicious Client-Side Behavior

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:29:53 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 13:32:39 EST 2009
https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000008.html

Description
-----------------------------------
The application receives a report of client-side policy exceptions
(e.g. Firefox Content Security Policy violation report
https://wiki.mozilla.org/Security/CSP/Specification#Violation_Report_Syntax).

Suggested categorization
-----------------------------------
In the suggested new category "Reputation" (see RP1 Suspicious User IP Address)
RP3 Suspicious Client-Side Behavior


More information about the Owasp-appsensor-project mailing list