[Owasp-appsensor-project] Change to Detection Points - SE6 Change Of User Agent Mid Session

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:35:17 EDT 2010


Suggestion to CHANGE an existing detection point.  Has this already
been ruled out?  Should it be changed?

Source
-----------------------------------
Just another idea

Description
-----------------------------------
Other headers such as Accept-Encoding and Accept-Language can be used
to help detect a session being used by someone else.  It could relate
to public resources too (i.e. unauthenticated users).

1. Leave name unchanged (i.e. keep as "Change Of User Agent Mid Session")

2. Change first sentence of description to "The header User-Agent or
Accept-Encoding or Accept-Language change during an authenticated
session."

3. Remove the word "authenticated" from the above sentence?

*** Or split this idea out into a new sensor e.g. SE7? ***
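
The check proposed above, sketched as an added example that is not part of the original post and is not AppSensor code. The class name, the first-seen baseline policy and the sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Headers named in the proposal; HTTP header names are case-insensitive.
TRACKED = ("user-agent", "accept-encoding", "accept-language")


@dataclass
class HeaderChangeDetector:
    # True models proposal item 2 (authenticated sessions only); False models
    # item 3, which also covers unauthenticated use of public resources.
    authenticated_only: bool = True
    _baseline: dict = field(default_factory=dict)

    def observe(self, session_id, headers, authenticated):
        """Return (detection_point, header, first_seen, now) per changed header."""
        if self.authenticated_only and not authenticated:
            return []
        seen = {k.lower(): v.strip() for k, v in headers.items()}
        current = {h: seen.get(h) for h in TRACKED}  # None = header absent
        # Assumption: compare against the first fingerprint seen for the session
        # and never overwrite it, so a second client keeps triggering events.
        first = self._baseline.setdefault(session_id, current)
        return [("SE6", h, first[h], current[h])
                for h in TRACKED if first[h] != current[h]]


# Constructed sample traffic: (session id, authenticated?, request headers).
SAMPLE = [
    ("s1", True, {"User-Agent": "ExampleBrowser/1.0",
                  "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-GB"}),
    ("s1", True, {"user-agent": "ExampleBrowser/1.0",
                  "accept-encoding": "gzip, deflate", "accept-language": "en-GB"}),
    # Same User-Agent string, but the other two headers differ.
    ("s1", True, {"User-Agent": "ExampleBrowser/1.0",
                  "Accept-Encoding": "gzip", "Accept-Language": "de-DE"}),
    ("s2", False, {"User-Agent": "ExampleBrowser/1.0"}),
    ("s2", False, {"User-Agent": "OtherClient/2.0"}),
]


def run(authenticated_only):
    detector = HeaderChangeDetector(authenticated_only=authenticated_only)
    events = []
    for session_id, authenticated, headers in SAMPLE:
        events += detector.observe(session_id, headers, authenticated)
    return events


if __name__ == "__main__":
    for event in run(authenticated_only=False):
        print(event)
```

The third s1 request keeps the same User-Agent, so a User-Agent-only check would miss it; the unauthenticated s2 change is reported only when authenticated_only is False.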

