[Owasp-appsensor-project] Additional Detection Points - Utilization of Common User Names

Colin Watson colin.watson at owasp.org
Fri Jun 11 04:37:29 EDT 2010


Michael

OK, I'll begin adding the agreed ones to the wiki where other people
can then edit and improve them too.

Colin

On 10 June 2010 22:13, Michael Coates <michael.coates at owasp.org> wrote:
> I agree this should be a separate detection point. Looks like AE12 is the
> next spot.  It would make sense to be near AE1, but I don't want to
> rearrange any number assignments since they are already referenced by
> others (modsecurity). So we will just continue to iterate.
>
> Colin: can you add these directly to :
> http://www.owasp.org/index.php/AppSensor_DetectionPoints
>
> You'll have to copy and paste the wiki formatting from the previous
> detection point, but it shouldn't be too bad I hope.
>
> Michael Coates
> OWASP
>
> On 6/9/10 7:01 PM, John Melton wrote:
>
> I vote +1 for this .. while I see it could be part of IE3, I think it should
> probably be called out separately
>
> On Wed, Jun 9, 2010 at 10:19 AM, Colin Watson <colin.watson at owasp.org>
> wrote:
>>
>> Suggestion to add a new detection point.  Has this already been ruled
>> out?  Should it be added?  Is the description/categorization suitable?
>>
>> Source
>> -----------------------------------
>> [Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45
>> EST 2009
>>
>> https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000007.html
>>
>> Description
>> -----------------------------------
>> Common dictionary user names (e.g. "administrator", "admin" or "test")
>> are used to attempt to log into the application.  This may enhance the
>> seriousness of AE1 Use of Multiple Usernames.
>>
>> Suggested categorization
>> -----------------------------------
>> AE12 Utilization of Common User Names
>>
>> *** Or could just be an instance of proposed IE3 Violation of
>> Implemented Black Lists ? ***
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
>
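
The proposed AE12 check and its relationship to AE1, as an added example that is not part of the thread or of AppSensor's own code. It runs over constructed login attempts; the AE1 threshold, the severity labels and the choice to count only failed logins are assumptions.

```python
from collections import defaultdict

# The three names given in the proposal; a real deployment would use a longer list.
COMMON_USERNAMES = {"administrator", "admin", "test"}
AE1_THRESHOLD = 3  # assumed: distinct failed user names per source that triggers AE1


def detect(attempts):
    """Return (detection_point, source, detail, severity) events.

    attempts: iterable of (source, username, succeeded) login records.
    Only failed logins are counted (assumption), so a genuine account
    that happens to be called "test" does not raise AE12 when it logs in.
    """
    tried = defaultdict(list)  # source -> distinct failed user names, in order
    for source, username, succeeded in attempts:
        if succeeded:
            continue
        name = username.strip().lower()  # "ADMIN " and "admin" are the same guess
        if name not in tried[source]:
            tried[source].append(name)

    events = []
    for source, names in tried.items():
        hits = [n for n in names if n in COMMON_USERNAMES]
        for name in hits:
            events.append(("AE12", source, name, "low"))
        if len(names) >= AE1_THRESHOLD:
            # Per the proposal, AE12 activity raises the seriousness of AE1.
            events.append(("AE1", source, len(names), "high" if hits else "medium"))
    return events


# Constructed sample data (documentation address ranges).
ATTEMPTS = [
    ("192.0.2.10", "admin", False),
    ("192.0.2.10", "Administrator", False),
    ("192.0.2.10", "test", False),
    ("192.0.2.10", "ADMIN ", False),   # duplicate after normalisation
    ("198.51.100.7", "alice", False),
    ("198.51.100.7", "bob", False),
    ("198.51.100.7", "carol", False),
    ("203.0.113.5", "test", True),     # successful login, not counted
    ("203.0.113.5", "dave", False),
]

if __name__ == "__main__":
    for event in detect(ATTEMPTS):
        print(event)
```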

