[Owasp-appsensor-project] Change to Detection Points - ACE3 Force Browsing Attempts

John Melton jtmelton at gmail.com
Wed Jun 9 22:19:12 EDT 2010


+1 for me

On Wed, Jun 9, 2010 at 10:34 AM, Colin Watson <colin.watson at owasp.org> wrote:

> Suggestion to CHANGE an existing detection point.  Has this already
> been ruled out?  Should it be changed?
>
> Source
> -----------------------------------
> Just another idea
>
> Description
> -----------------------------------
> Requests for non-existent resources should include all content types,
> not just pages.  It is also useful to record this for unauthenticated
> users where the data may still be identified with a session or IP
> address.
>
> 1. Leave name unchanged (i.e. keep as "Force Browsing Attempts")
>
> 2. Change description to "Authenticated or unauthenticated user sends
> a request for a non-existent resource (e.g. page, directory listing,
> image, file, etc), or a resource that is not authorized for that user"
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
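
A sketch of detection logic matching the description proposed in the quoted message, added here as an illustration; it is not code from the AppSensor project or from either poster. The log layout, the sample lines, the function names, and the mapping of HTTP 404 to "non-existent" and 403 to "not authorized" are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample events (not from a real system): ip, session, user, path, status.
# "-" means the field is absent (no session cookie, or not logged in).
SAMPLE_LOG = """\
203.0.113.7 - - /admin/ 403
203.0.113.7 - - /backup.zip 404
203.0.113.7 s-91ab - /img/logo-old.png 404
198.51.100.4 s-22cd alice /account 200
198.51.100.4 s-22cd alice /reports/2009/ 404
198.51.100.4 s-22cd alice /admin/users 403
198.51.100.9 s-77ef bob /img/logo.png 200
"""

# Assumption: the application reports these conditions through HTTP status codes.
REASONS = {404: "non-existent resource", 403: "not authorized for user"}


def actor_for(ip, session, user):
    """Most specific identifier available: user, then session, then IP."""
    if user != "-":
        return ("user", user)
    if session != "-":
        return ("session", session)
    return ("ip", ip)


def detect_ace3(log_text):
    """Return one ACE3 event per request for a missing or unauthorized resource.

    Nothing is filtered on content type or on authentication state."""
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines rather than guess at their meaning
        ip, session, user, path, status = fields
        reason = REASONS.get(int(status))
        if reason:
            events.append({"actor": actor_for(ip, session, user),
                           "path": path, "reason": reason})
    return events


def events_per_actor(events):
    """Count events per actor so a response policy can act on repeated attempts."""
    return Counter(e["actor"] for e in events)


if __name__ == "__main__":
    for event in detect_ace3(SAMPLE_LOG):
        print(event)
```

In the sample, the third request from 203.0.113.7 is recorded under its session rather than its IP address, so a deployment that wants one count per client has to correlate the two identifiers.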