[Owasp-appsensor-project] Change to Detection Points - SE5 Source IP Address Changes During Session

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:35:05 EDT 2010


Suggestion to CHANGE an existing detection point.  Has this already
been ruled out?  Should it be changed?

Source
-----------------------------------
[Owasp-appsensor-project] AppSensor- a few ideas, Fri Sep 18 10:30:31 EDT 2009
https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-September/000005.html

Description
-----------------------------------
Rather than a single IP Address, make the sensor specification broader
to also allow ASN check instead.

1. Leave name unchanged (i.e. keep as "Source IP Address Changes
During Session")

2. Change description to "Valid requests, containing valid session
credentials, are received from multiple source IP addresses or source
IP address ranges or source Autonomous System Number (ASN)"

Reference http://www.apnic.net/services/services-apnic-provides/helpdesk/faqs/asn-faqs


More information about the Owasp-appsensor-project mailing list