[Owasp-appsensor-project] Additional Detection Points - Detect Client Information

Colin Watson colin.watson at owasp.org
Fri Jun 11 04:36:19 EDT 2010


Michael and John

I agree - not a new detector then.  I'll make some scribblings about
alternative response actions.

Colin

On 11 June 2010 00:13, Michael Coates <michael.coates at owasp.org> wrote:
> Agreed. This is a response action not a detection point. (But it is a good
> idea for a response action)
>
> Michael Coates
> OWASP
>
> On 6/9/10 7:18 PM, John Melton wrote:
>
> I'm against this as a detection point.  It actually sounds like a response
> action in our lingo.  This is about what do *I* do if I've decided that the
> user has passed my threshold, not what did the *user* do to pass my
> threshold.  Don't think this fits the detection point category.
>
> On Wed, Jun 9, 2010 at 10:34 AM, Colin Watson <colin.watson at owasp.org>
> wrote:
>>
>> Suggestion to add a new detection point.  Has this already been ruled
>> out?  Should it be added?  Is the description/categorization suitable?
>>
>> Source
>> -----------------------------------
>> Just another idea - this one could be the most controversial since it
>> might be seen as an active attack on the user.  The idea is
>> information gathering rather than electronic counter measures.  After
>> all, logging a user out also affects them.
>>
>> Description
>> -----------------------------------
>> At a certain threshold, deploy additional sensor(s) onto the client
>> such as a Java applet to return the client's IP address, JavaScript
>> to collect additional data about the user's environment (e.g.
>> Panopticlick http://panopticlick.eff.org/), or JavaScript to detect
>> local network information.  These actions must be consistent with the
>> application's terms of use, privacy notice and organizational
>> mandates.
>>
>> Suggested categorization
>> -----------------------------------
>> In the suggested new category "Reputation" (see RP1 Suspicious User IP
>> Address)
>> RP6 Detect Client Information
>>
>> *** This may instead be an AppSensor response action, even though it
>> is deploying a new sensor? ***
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
