[Owasp-appsensor-project] Additional Detection Points - Change To Application's Rating By A Third Party

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:30:57 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
Just another idea

Description
-----------------------------------
The reputation (classification, score, etc) of the application (or its
servers) is changed by free or subscribed third party remote
monitoring/testing services (e.g. malware detection, phishing site
detection, uptime monitoring, reputation monitoring, spam and botnet
lists, SSL configuration testing, HTML, CSS, RSS and XML validators,
vulnerability scanners, penetration testing, DNS address, etc).  For
example, syntax errors are found in an application's user comments RSS
feed which may have been caused by incorrect output encoding.

Suggested categorization
-----------------------------------
In the suggested new category "Reputation" (see RP1 Suspicious User IP Address)
RP4 Change To Application's Rating By A Third Party
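
An added example, not part of the original post or of the AppSensor project's code: one way the proposed detection point could be evaluated, by comparing two polled snapshots of third-party ratings and emitting an RP4 event for each change, including the RSS validator case from the description. The service names, rating scales and snapshot values are constructed assumptions, not any real provider's output.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed rating scales, best first. Service names and values are
# assumptions for illustration, not any real provider's output format.
SCALES = {
    "ssl_config_test": ["A", "B", "C", "F"],
    "malware_blocklist": ["clean", "listed"],
    "rss_validator": ["valid", "invalid"],
}

@dataclass(frozen=True)
class RatingEvent:
    detection_point: str      # always "RP4" here
    service: str
    old: Optional[str]        # None: service had no rating in the baseline
    new: Optional[str]        # None: service stopped reporting a rating
    direction: str            # "degraded", "improved" or "unknown"

def direction(service, old, new):
    """Classify a change using the service's scale, if both values are on it."""
    scale = SCALES.get(service, [])
    if old in scale and new in scale:
        return "degraded" if scale.index(new) > scale.index(old) else "improved"
    return "unknown"  # new service, missing rating, or value off the scale

def compare_ratings(baseline, current):
    """Return one RP4 event per service whose third-party rating changed."""
    events = []
    for service in sorted(set(baseline) | set(current)):
        old, new = baseline.get(service), current.get(service)
        if old != new:
            events.append(RatingEvent("RP4", service, old, new,
                                      direction(service, old, new)))
    return events

if __name__ == "__main__":
    # Constructed snapshots from two polling runs.
    baseline = {"ssl_config_test": "A", "malware_blocklist": "clean",
                "rss_validator": "valid"}
    current = {"ssl_config_test": "A", "malware_blocklist": "listed",
               "rss_validator": "invalid", "uptime_monitor": "up"}
    for event in compare_ratings(baseline, current):
        print(event)
```

Changes classified as "unknown" (a service appearing, disappearing, or reporting a value off its scale) are still reported, since the description treats any change in rating as the trigger.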

