[Owasp-appsensor-project] Additional Detection Points - Change To Application's Rating By A Third Party

Colin Watson colin.watson at owasp.org
Thu Jun 10 04:55:54 EDT 2010


John

Perhaps the best example I can think of is:

  "Google reports you have malware on your web pages"

Unless you subscribe to Google Webmaster Tools, you might not know
about this problem.

Colin

On 10 June 2010 03:13, John Melton <jtmelton at gmail.com> wrote:
> think this is a good idea, but again, don't think it falls under application
> intrusion detection - a 3rd party is doing the detection, then there may be
> a mechanism to use that data to make decisions.  These ideas are good enough
> to certainly be used, but I don't understand their classification as part of
> an app intr det. system.
>
> On Wed, Jun 9, 2010 at 10:30 AM, Colin Watson <colin.watson at owasp.org>
> wrote:
>>
>> Suggestion to add a new detection point.  Has this already been ruled
>> out?  Should it be added?  Is the description/categorization suitable?
>>
>> Source
>> -----------------------------------
>> Just another idea
>>
>> Description
>> -----------------------------------
>> The reputation (classification, score, etc) of the application (or its
>> servers) is changed by free or subscribed third party remote
>> monitoring/testing services (e.g. malware detection, phishing site
>> detection, uptime monitoring, reputation monitoring, spam and botnet
>> lists, SSL configuration testing, HTML, CSS, RSS and XML validators,
>> vulnerability scanners, penetration testing, DNS address, etc).  For
>> example, syntax errors are found in an application's user comments RSS
>> feed which may have been caused by incorrect output encoding.
>>
>> Suggested categorization
>> -----------------------------------
>> In the suggested new category "Reputation" (see RP1 Suspicious User IP
>> Address)
>> RP4 Change To Application's Rating By A Third Party
>
>
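
The detection point described in this thread, sketched as an added example that is not part of the original messages or of AppSensor's own code: two snapshots of third-party ratings are compared and one event is produced per change, labelled with the suggested RP4 identifier. The service names, rating scales, the RatingEvent type and the sample snapshots are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical rating scales, best value first. Real services define their own.
SCALES = {
    "malware_scan": ["clean", "suspicious", "malware"],
    "tls_config_test": ["A", "B", "C", "F"],
    "rss_validator": ["valid", "invalid"],
    "spam_blocklist": ["not_listed", "listed"],
}

@dataclass(frozen=True)
class RatingEvent:
    detection_point: str      # "RP4", the label suggested in the thread
    service: str
    previous: Optional[str]
    current: Optional[str]
    direction: str            # degraded, improved, new, missing or unknown

def _direction(service, previous, current):
    scale = SCALES.get(service, [])
    if current is None:
        return "missing"      # service stopped reporting: a monitoring gap
    if previous is None:
        return "new"          # first rating seen from this service
    if previous not in scale or current not in scale:
        return "unknown"      # value outside the known scale, needs review
    return "degraded" if scale.index(current) > scale.index(previous) else "improved"

def rating_changes(previous, current):
    """Compare two {service: rating} snapshots; return one event per change."""
    events = []
    for service in sorted(previous.keys() | current.keys()):
        old, new = previous.get(service), current.get(service)
        if old != new:
            events.append(RatingEvent("RP4", service, old, new,
                                      _direction(service, old, new)))
    return events

# Constructed sample snapshots (not real service output).
PREVIOUS = {"malware_scan": "clean", "tls_config_test": "A",
            "rss_validator": "valid", "spam_blocklist": "not_listed"}
CURRENT = {"malware_scan": "malware", "tls_config_test": "A",
           "rss_validator": "invalid"}

if __name__ == "__main__":
    for event in rating_changes(PREVIOUS, CURRENT):
        print(event)
```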

