[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity

John Melton jtmelton at gmail.com
Thu Jun 10 09:05:41 EDT 2010


Agreed ... that sounds good then.

On Thu, Jun 10, 2010 at 4:17 AM, Colin Watson <colin.watson at owasp.org> wrote:

> John
>
> ACE1 and ACE2 mention "... for Direct Object Access Attempts"
> explicitly, but I was thinking that tampering with data is a wider
> subject.  It might just be some plain text or a date that doesn't
> reference an object, but it's still important to preserve the
> integrity of that.
>
> Colin
>
> On 10 June 2010 02:56, John Melton <jtmelton at gmail.com> wrote:
> > For this one, I don't think it's unique enough based on the
> > description ... GET/POST is already covered.  If you're talking about
> > creating "honeypot" parms as mentioned in the source file, then I'd
> > say sure, but not with the description as written.  Also, HTTP header
> > manipulation might be unique enough, since cookies and GET/POST parms
> > are already covered.
> >
>