[Owasp-appsensor-project] Additional Detection Points - Change To Application's Rating By A Third Party

John Melton jtmelton at gmail.com
Wed Jun 9 22:13:58 EDT 2010


think this is a good idea, but again, don't think it falls under application
intrusion detection - a 3rd party is doing the detection, then there may be
a mechanism to use that data to make decisions.  These ideas are good enough
to certainly be used, but I don't understand their classification as part of
a app intr det. system.

On Wed, Jun 9, 2010 at 10:30 AM, Colin Watson <colin.watson at owasp.org>wrote:

> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> Just another idea
>
> Description
> -----------------------------------
> The reputation (classification, score, etc) of the application (or its
> servers) is changed by free or subscribed third party remote
> monitoring/testing services (e.g. malware detection, phishing site
> detection, uptime monitoring, reputation monitoring, spam and botnet
> lists, SSL configuration testing, HTML, CSS, RSS and XML validators,
> vulnerability scanners, penetration testing, DNS address, etc).  For
> example, syntax errors are found in an application's user comments RSS
> feed which may have been caused by incorrect output encoding.
>
> Suggested categorization
> -----------------------------------
> In the suggested new category "Reputation" (see RP1 Suspicious User IP
> Address)
> RP4 Change To Application's Rating By A Third Party
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20100609/c729e454/attachment.html 


More information about the Owasp-appsensor-project mailing list