[Owasp-appsensor-project] Additional Detection Points - Detect Client Information

John Melton jtmelton at gmail.com
Wed Jun 9 22:18:28 EDT 2010


I'm against this as a detection point.  It actually sounds like a response
action in our lingo.  This is about what do *I* do if I've decided that the
user has passed my threshold, not what did the *user* do to pass my
threshold.  Don't think this fits the detection point category.

On Wed, Jun 9, 2010 at 10:34 AM, Colin Watson <colin.watson at owasp.org> wrote:

> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> Just another idea - this one could be the most controversial since it
> might be seen as an active attack on the user.  The idea is
> information gathering rather than electronic counter measures.  After
> all, logging a user out also affects them.
>
> Description
> -----------------------------------
> At a certain threshold, deploy additional sensor(s) onto the client
> such as a Java applet to return the client's IP address, JavaScript
> to collect additional data about the user's environment (e.g.
> Panopticlick http://panopticlick.eff.org/), or JavaScript to detect
> local network information.  These actions must be consistent with the
> application's terms of use, privacy notice and organizational
> mandates.
>
> Suggested categorization
> -----------------------------------
> In the suggested new category "Reputation" (see RP1 Suspicious User IP
> Address)
> RP6 Detect Client Information
>
> *** This may instead be an AppSensor response action, even though it
> is deploying a new sensor? ****