[Owasp-appsensor-project] Additional Detection Points - Change To Application's Rating By A Third Party

Colin Watson colin.watson at owasp.org
Fri Jun 11 04:43:26 EDT 2010


Michael

I agree we probably can't tie these types of events to a particular
user and therefore, they are not perhaps suitable for AppSensor.

There might be another project coming along (called
ConfigurationSensor?) that includes this and Kevin's navel-gazing
ideas.

Colin

On 11 June 2010 00:09, Michael Coates <michael.coates at owasp.org> wrote:
> I'm not sure I completely understand this one.  How would SSL configuration
> testing be tied to a malicious user?  For your specific example of RSS
> feeds, it may be tough to reliably determine if this was a user initiated
> malicious action or just a software bug.
>
> Michael Coates
> OWASP
>
> On 6/9/10 7:13 PM, John Melton wrote:
>
> I think this is a good idea, but again, don't think it falls under application
> intrusion detection - a 3rd party is doing the detection, then there may be
> a mechanism to use that data to make decisions.  These ideas are good enough
> to certainly be used, but I don't understand their classification as part of
> an app intr det. system.
>
> On Wed, Jun 9, 2010 at 10:30 AM, Colin Watson <colin.watson at owasp.org>
> wrote:
>>
>> Suggestion to add a new detection point.  Has this already been ruled
>> out?  Should it be added?  Is the description/categorization suitable?
>>
>> Source
>> -----------------------------------
>> Just another idea
>>
>> Description
>> -----------------------------------
>> The reputation (classification, score, etc) of the application (or its
>> servers) is changed by free or subscribed third party remote
>> monitoring/testing services (e.g. malware detection, phishing site
>> detection, uptime monitoring, reputation monitoring, spam and botnet
>> lists, SSL configuration testing, HTML, CSS, RSS and XML validators,
>> vulnerability scanners, penetration testing, DNS address, etc).  For
>> example, syntax errors are found in an application's user comments RSS
>> feed which may have been caused by incorrect output encoding.
>>
>> Suggested categorization
>> -----------------------------------
>> In the suggested new category "Reputation" (see RP1 Suspicious User IP
>> Address)
>> RP4 Change To Application's Rating By A Third Party
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project

