[Owasp-appsensor-project] Additional Detection Points - Suspicious External User Behavior

John Melton jtmelton at gmail.com
Wed Jun 9 22:09:42 EDT 2010


Not sure I'm on board with this one ... someone else can correct me if I'm
wrong, but this actually doesn't fit in the "application" doing detection.
By definition, something outside the app is doing the detection and is
feeding that info to the app.  I think these are worthwhile sensors that can
produce data that an application could use to make decisions, but as for it
being considered app detection, I don't generally see these as falling into
that category.  I may be convinced otherwise however :>.

On Wed, Jun 9, 2010 at 10:29 AM, Colin Watson <colin.watson at owasp.org>wrote:

> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> [Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 13:32:39 EST
> 2009
> https://lists.owasp.org/pipermail/owasp-appsensor-project
> On Wed, Jun 9, 2010 at 10:29 AM, Colin Watson <colin.watson at owasp.org>wrote:
> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
> /2009-November/000008.html<https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000008.html>
>
> Description
> -----------------------------------
> External (to the application) devices and systems (e.g. host and
> network IDS, file integrity monitoring, disk usage monitoring,
> anti-malware service, IPS, network firewall, web application firewall,
> web server logging, XML gateway, database firewall, SIEM) have
> detected anomalous behavior by the user (e.g. session or IP address).
>
> Suggested categorization
> -----------------------------------
> In the suggested new category "Reputation" (see RP1 Suspicious User IP
> Address)
> RP2 Suspicious External User Behavior
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20100609/86e36909/attachment.html 


More information about the Owasp-appsensor-project mailing list