[Owasp-appsensor-project] Change to Detection Points - SE6 Change Of User Agent Mid Session

Michael Coates michael.coates at owasp.org
Thu Jun 10 19:17:17 EDT 2010


I think I'd rather go with Colin's change suggestion. I don't really 
want 2 or 3 detection points all trying to capture the same idea and 
only differing by the header value they are discussing.  We can help 
educate people here at the same time :)

Michael Coates
OWASP


On 6/9/10 7:21 PM, John Melton wrote:
> I vote for splitting out into a new issue, since the name does denote 
> the user agent changing, which most people associate w/ that one 
> header, for better or worse.
>
> On Wed, Jun 9, 2010 at 10:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>
>     Suggestion to CHANGE an existing detection point.  Has this already
>     been ruled out?  Should it be changed?
>
>     Source
>     -----------------------------------
>     Just another idea
>
>     Description
>     -----------------------------------
>     Other headers such as Accept-Encoding and Accept-Language can be used
>     to help detect a session being used by someone else.  It could relate
>     to public resources too (i.e. unauthenticated users).
>
>     1. Leave name unchanged (i.e. keep as "Change Of User Agent Mid
>     Session")
>
>     2. Change first sentence of description to "The header User-Agent or
>     Accept-Encoding or Accept-Language change during an authenticated
>     session."
>
>     3. Removed the word "authenticated" from above sentence?
>
>     *** Or split this idea out into a new sensor e.g. SE7? ***
>     _______________________________________________
>     Owasp-appsensor-project mailing list
>     Owasp-appsensor-project at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>    
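
The check discussed in this thread, sketched as an added example (not code from the thread or from the AppSensor project): the first request of a session fixes a baseline for User-Agent, Accept-Encoding and Accept-Language, and any later difference is reported under SE6. The class and function names, the `authenticated_only` switch (modelling option 3) and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Headers named in the proposed SE6 description.
WATCHED = ("User-Agent", "Accept-Encoding", "Accept-Language")

@dataclass
class HeaderChangeDetector:  # hypothetical name, not an AppSensor class
    authenticated_only: bool = True  # False models option 3 (drop "authenticated")
    baselines: dict = field(default_factory=dict)

    def observe(self, session_id, headers, authenticated):
        """Return (header, baseline_value, new_value) for each watched header that changed."""
        if self.authenticated_only and not authenticated:
            return []
        # Header names are case-insensitive, so compare on lower-cased names.
        current = {k.lower(): v.strip() for k, v in headers.items()}
        snapshot = {h: current.get(h.lower()) for h in WATCHED}
        # The first observed request of the session becomes the baseline.
        baseline = self.baselines.setdefault(session_id, snapshot)
        return [(h, baseline[h], snapshot[h]) for h in WATCHED
                if baseline[h] != snapshot[h]]

def run(detector, requests):
    """Feed (session_id, authenticated, headers) tuples through the detector."""
    events = []
    for session_id, authenticated, headers in requests:
        for header, old, new in detector.observe(session_id, headers, authenticated):
            events.append(("SE6", session_id, header, old, new))
    return events

# Constructed sample traffic (not real logs).
SAMPLE_REQUESTS = [
    ("sess-1", True, {"User-Agent": "BrowserA/1.0", "Accept-Encoding": "gzip, deflate",
                      "Accept-Language": "en-GB"}),
    # Same values, different header-name casing: must not raise an event.
    ("sess-1", True, {"user-agent": "BrowserA/1.0", "accept-encoding": "gzip, deflate",
                      "accept-language": "en-GB"}),
    # User-Agent unchanged, Accept-Language changed mid-session.
    ("sess-1", True, {"User-Agent": "BrowserA/1.0", "Accept-Encoding": "gzip, deflate",
                      "Accept-Language": "de-DE"}),
    # Unauthenticated session whose User-Agent changes.
    ("sess-2", False, {"User-Agent": "BrowserB/2.0"}),
    ("sess-2", False, {"User-Agent": "ToolC/0.1"}),
]

if __name__ == "__main__":
    for event in run(HeaderChangeDetector(authenticated_only=False), SAMPLE_REQUESTS):
        print(event)
```

With a User-Agent-only check the third request would pass unnoticed, and with `authenticated_only=True` the `sess-2` change is not reported.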
