[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity

John Melton jtmelton at gmail.com
Wed Jun 9 21:56:59 EDT 2010


For this one, I don't think it's unique enough based on the
description ... GET/POST is already covered.  If you're talking about
creating "honeypot" parms as mentioned in the source file, then I'd
say sure, but not with the description as written.  Also, HTTP header
manipulation might be unique enough, since cookies and GET/POST parms
are already covered.

On Wed, Jun 9, 2010 at 10:18 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> [Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST 2009
> https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000007.html
>
> Description
> -----------------------------------
> The application receives HTTP header or body parameter (argument?)
> values which have been tampered with when no change should have
> occurred (e.g. modification of hidden fields, alteration of select
> list values).
>
> Suggested categorization
> -----------------------------------
> IE4 Violation of Input Data Integrity
>
> *** Is this different enough to ACE1 and ACE2 - it is more general
> than direct object access? ***
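
Added example, not part of the original thread and not AppSensor code: one way a server could detect the tampering described in the proposal (changed hidden fields, select values that were never offered) alongside the "honeypot" parameter mentioned in the reply. The key, field names, the `debug` decoy and the `honeypot` label are assumptions made for illustration; `IE4` is the identifier suggested in the thread.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"          # assumption: server-side key, never sent to the client
SEALED = ("account_id", "price")          # hidden fields the client must not change
ALLOWED = {"currency": {"USD", "EUR", "GBP"}}  # values offered in the select list
HONEYPOT = ("debug", "false")             # decoy hidden field the application never reads


def seal(session_id, fields):
    """HMAC over the session id and the sealed field values, in a fixed order."""
    msg = json.dumps([session_id] + [fields[k] for k in SEALED]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_form(session_id, fields):
    """Hidden values the server embeds in the form it sends to the browser."""
    form = {k: fields[k] for k in SEALED}
    form[HONEYPOT[0]] = HONEYPOT[1]
    form["_seal"] = seal(session_id, form)
    return form


def check_submission(session_id, posted):
    """Return (detection_point, detail) events; an empty list means nothing was altered."""
    events = []
    expected = seal(session_id, {k: posted.get(k, "") for k in SEALED})
    supplied = posted.get("_seal", "")
    intact = all(k in posted for k in SEALED) and hmac.compare_digest(
        supplied.encode(), expected.encode()
    )
    if not intact:
        events.append(("IE4", "sealed hidden field changed or missing"))
    for name, allowed in ALLOWED.items():
        if posted.get(name) not in allowed:
            events.append(("IE4", f"{name} not among offered select values"))
    if posted.get(HONEYPOT[0]) != HONEYPOT[1]:
        events.append(("honeypot", f"decoy parameter {HONEYPOT[0]} altered"))
    return events


if __name__ == "__main__":
    # Constructed sample: a form issued to session "sess-1", then posted back with a changed price.
    form = render_form("sess-1", {"account_id": "1001", "price": "19.99"})
    print(check_submission("sess-1", dict(form, currency="USD", price="0.01")))
```

Binding the seal to the session id means a sealed form copied from one session is reported when replayed in another.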

