[Owasp-appsensor-project] Additional Detection Points - Detect Client Information

Michael Coates michael.coates at owasp.org
Thu Jun 10 19:13:51 EDT 2010


Agreed. This is a response action, not a detection point. (But it is a 
good idea for a response action.)

Michael Coates
OWASP


On 6/9/10 7:18 PM, John Melton wrote:
> I'm against this as a detection point.  It actually sounds like a 
> response action in our lingo.  This is about what do *I* do if I've 
> decided that the user has passed my threshold, not what did the *user* 
> do to pass my threshold.  Don't think this fits the detection point 
> category.
>
> On Wed, Jun 9, 2010 at 10:34 AM, Colin Watson <colin.watson at owasp.org> wrote:
>
>     Suggestion to add a new detection point.  Has this already been ruled
>     out?  Should it be added?  Is the description/categorization suitable?
>
>     Source
>     -----------------------------------
>     Just another idea - this one could be the most controversial since it
>     might be seen as an active attack on the user.  The idea is
>     information gathering rather than electronic counter measures.  After
>     all, logging a user out also affects them.
>
>     Description
>     -----------------------------------
>     At a certain threshold, deploy additional sensor(s) onto the client
>     such as a Java applet to return the client's IP address, JavaScript
>     to collect additional data about the user's environment (e.g.
>     Panopticlick http://panopticlick.eff.org/), or JavaScript to detect
>     local network information.  These actions must be consistent with the
>     application's terms of use, privacy notice and organizational
>     mandates.
>
>     Suggested categorization
>     -----------------------------------
>     In the suggested new category "Reputation" (see RP1 Suspicious
>     User IP Address)
>     RP6 Detect Client Information
>
>     *** This may instead be an AppSensor response action, even though it
>     is deploying a new sensor? ****
>     _______________________________________________
>     Owasp-appsensor-project mailing list
>     Owasp-appsensor-project at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project