[Owasp-appsensor-project] Interesting article - sounds like appsensor

Bennetts, Simon Simon.Bennetts at sage.com
Thu Jun 17 03:40:18 EDT 2010


I think that would cover it, with some extra text.
It might well be worth adding some 'standard' url attacks that people try, such as adding "debug=1" or "admin=true".
If you never use those URL params then again you know it's very likely to be an attack.

And a beer after the next meeting sounds like a good plan:)

Cheers,

Simon

________________________________________
From: Colin Watson [colin.watson at owasp.org]
Sent: 17 June 2010 03:27
To: owasp-appsensor-project
Cc: Bennetts, Simon
Subject: Re: [Owasp-appsensor-project] Interesting article - sounds like appsensor

Hello Simon!

Sorry I didn't have time to speak further at the end (we'll have to
get a pub lined up next time).

Do you think this proposed new detector:

   https://lists.owasp.org/pipermail/owasp-appsensor-project/2010-June/000048.html

might cover what's needed, or perhaps when we add the text, give this
as a good example?

Colin

On 17 June 2010 08:17, Bennetts, Simon <Simon.Bennetts at sage.com> wrote:
> Re the 'mini honeypots': that would be me then :)
>
> Been lurking on this list for a while, but not had a chance to contribute anything.
>
> Looking at the list of detection points I'd like to propose another one.
> As I mentioned in the Newcastle talk I put hidden fields in some forms which look like potential vulnerabilities.
> For example you could have "admin" set to "false".
> Of course these sort of fields are really 'hacker traps' - they can never be changed by any normal user actions.
> If they are changed then it's a very good indication that someone is trying to attack your app.
>
> I realise that you could class these in the existing ACE* set, but personally I think it's worth having a specific new point, if only to promote the idea of putting such 'traps' in for hackers.
>
> And thanks for the talks Colin, both very interesting.
>
> Cheers,
>
> Simon
>
> ________________________________________
> From: owasp-appsensor-project-bounces at lists.owasp.org [owasp-appsensor-project-bounces at lists.owasp.org] On Behalf Of Colin Watson [colin.watson at owasp.org]
> Sent: 16 June 2010 17:49
> To: Michael Coates
> Cc: owasp-appsensor-project
> Subject: Re: [Owasp-appsensor-project] Interesting article - sounds like appsensor
>
> No, don't know him.
>
> The AppSensor talk at OWASP Leeds/North in Newcastle, UK went down
> very well this evening.  Lots of interest.  One guy already using mini
> honeypots in their apps (checking for modification to otherwise
> useless hidden fields).
>
> Colin
>
> On 16 June 2010 19:15, Michael Coates <michael.coates at owasp.org> wrote:
>> Actually it does.  I'd like to introduce the AppSensor project to Dave
>> Aitel.  Does anyone know him and would be willing to pass along this info or
>> introduce us?
>>
>> Michael Coates
>> OWASP
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
> If you've received this email by mistake, we're sorry for bothering you. It may contain information that's confidential, so please delete it without sharing it. And if you let us know, we can try to stop it from happening again. Thank you.
>
> We may monitor any emails sent or received by us, or on our behalf. If we do, this will be in line with relevant law and our own policies.
>
> Sage (UK) Limited. Registered in England at North Park, Newcastle upon Tyne, NE13 9AA. Registered number 1045967.
>
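The detection logic discussed in this thread (a hidden "admin=false" trap field that no legitimate action ever changes, plus decoy URL parameters such as "debug=1" or "admin=true" that the application never uses) can be written as a small request checker. The code below is an added example, not code from the thread, from Sage, or from the AppSensor project; the request shape, the trap names and values, the detection-point labels and the sample requests are all assumptions chosen for illustration. It goes slightly beyond the messages above in that it also treats a trap field that has been removed from the form as a tampering event, and it tallies detections across a batch of requests rather than checking one at a time.

```python
"""Honeytoken / decoy-parameter checks in the AppSensor style.

Added example. Everything here (trap names, labels, request format) is an
assumption made for the demonstration, not something the thread specifies.
"""
from dataclasses import dataclass, field
from html import escape
from typing import Dict, List

# Hidden form fields that exist only as traps. The value is what the server
# rendered into the form; no normal user action can change it, so any other
# value (or the field disappearing) can only come from a tampered request.
HIDDEN_TRAPS: Dict[str, str] = {
    "admin": "false",
    "debug": "0",
}

# Query-string parameters the application never uses anywhere. Their mere
# presence is the signal; the value does not matter.
DECOY_QUERY_PARAMS = frozenset({"debug", "admin", "test"})


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (assumed shape)."""
    method: str
    path: str
    query: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    # True only for forms the server rendered with the trap fields in them;
    # a form that never carried the traps cannot be judged on them.
    form_has_traps: bool = False


@dataclass
class Detection:
    point: str    # detection-point label (assumed naming)
    detail: str


def trap_fields_html() -> str:
    """Render the trap fields for inclusion in a form template."""
    return "\n".join(
        f'<input type="hidden" name="{escape(name)}" value="{escape(value)}">'
        for name, value in HIDDEN_TRAPS.items()
    )


def check_request(req: Request) -> List[Detection]:
    """Return one Detection per trap the request tripped (empty if clean)."""
    events: List[Detection] = []

    # Decoy URL parameters: presence alone is enough.
    for name in sorted(n for n in req.query if n in DECOY_QUERY_PARAMS):
        events.append(Detection(
            "DECOY_URL_PARAM", f"{name}={req.query[name]!r} on {req.path}"))

    # Hidden trap fields: only meaningful for forms that were rendered with them.
    if req.form_has_traps:
        for name, expected in HIDDEN_TRAPS.items():
            if name not in req.form:
                events.append(Detection("HONEYTOKEN_FIELD_REMOVED", name))
            elif req.form[name] != expected:
                events.append(Detection(
                    "HONEYTOKEN_FIELD_MODIFIED",
                    f"{name}: {expected!r} -> {req.form[name]!r}"))
    return events


def scan(requests: List[Request]) -> Dict[str, int]:
    """Count detections per detection point across a batch of requests."""
    counts: Dict[str, int] = {}
    for req in requests:
        for event in check_request(req):
            counts[event.point] = counts.get(event.point, 0) + 1
    return counts


# Constructed sample traffic (not real log data).
SAMPLE_REQUESTS = [
    Request("GET", "/account", query={"id": "42"}),                           # normal
    Request("GET", "/account", query={"id": "42", "debug": "1"}),             # decoy param
    Request("POST", "/profile", form={"name": "alice", "admin": "false", "debug": "0"},
            form_has_traps=True),                                             # untouched traps
    Request("POST", "/profile", form={"name": "mallory", "admin": "true", "debug": "0"},
            form_has_traps=True),                                             # trap flipped
    Request("GET", "/login", query={"admin": "true", "debug": "1"}),          # two decoys
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        for event in check_request(req):
            print(f"{req.method} {req.path}: {event.point} ({event.detail})")
    print(scan(SAMPLE_REQUESTS))
```

Because these fields and parameters have no legitimate use, a single hit is already a high-confidence event, so a deployment would normally feed each Detection straight into whatever response policy (log, alert, block) the application has chosen rather than waiting for a threshold to accumulate.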