[Owasp-appsensor-project] Additional Detection Points - Utilization of Common User Names

John Melton jtmelton at gmail.com
Wed Jun 9 22:01:30 EDT 2010


I vote +1 for this. While I see it could be part of IE3, I think it should
probably be called out separately.

On Wed, Jun 9, 2010 at 10:19 AM, Colin Watson <colin.watson at owasp.org> wrote:

> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> [Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST
> 2009
>
> https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000007.html
>
> Description
> -----------------------------------
> Common dictionary user names (e.g. "administrator", "admin" or "test")
> are used to attempt to log into the application.  This may enhance the
> seriousness of AE1 Use of Multiple Usernames.
>
> Suggested categorization
> -----------------------------------
> AE12 Utilization of Common User Names
>
> *** Or could just be an instance of proposed IE3 Violation of
> Implemented Black Lists ? ***
>
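
The detection point proposed in this thread, sketched as an added example that is not part of the original messages and is not AppSensor's own code: it flags failed logins that use common dictionary user names and raises the severity when the same source also trips AE1 Use of Multiple Usernames. "AE12" is only the categorization suggested above; the word list beyond the three names in the post, the AE1 threshold, the severity labels and the sample events are assumptions.

```python
from collections import defaultdict

# Constructed word list: the post names "administrator", "admin" and "test";
# "root" and "guest" are assumptions added for illustration.
COMMON_USERNAMES = frozenset({"administrator", "admin", "test", "root", "guest"})
AE1_THRESHOLD = 3  # assumed: distinct usernames per source before AE1 fires


def normalize(username):
    """Fold case and whitespace, drop an e-mail domain ('Admin@corp' -> 'admin')."""
    return username.strip().casefold().split("@", 1)[0]


def evaluate(events):
    """Map each source to its findings; events are (source, username, succeeded)."""
    tried = defaultdict(set)   # source -> distinct normalized usernames
    common = defaultdict(set)  # source -> common names used in failed logins
    for source, username, succeeded in events:
        name = normalize(username)
        tried[source].add(name)
        # A real account named "admin" logging in successfully is not counted.
        if name in COMMON_USERNAMES and not succeeded:
            common[source].add(name)
    report = {}
    for source, names in tried.items():
        ae1 = len(names) >= AE1_THRESHOLD
        ae12 = sorted(common[source])
        if ae1 and ae12:
            severity = "high"    # common names raise the seriousness of AE1
        elif ae1 or ae12:
            severity = "medium"
        else:
            severity = "none"
        report[source] = {"ae1": ae1, "ae12": ae12, "severity": severity}
    return report


# Constructed sample events: (source address, submitted username, succeeded)
SAMPLE_EVENTS = [
    ("198.51.100.7", "Administrator", False),
    ("198.51.100.7", "admin ", False),
    ("198.51.100.7", "test@example.org", False),
    ("203.0.113.20", "jsmith", False),
    ("203.0.113.20", "jsmith", True),
    ("192.0.2.44", "admin", False),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))
```
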