[Owasp-appsensor-project] New Unexpected Type/Quantity Detection Points

Ryan Barnett rcbarnett at gmail.com
Mon Nov 1 14:47:32 EDT 2010


I suggest that we add a new Detection Point in the RequestException category
similar to the following AuthenticationException ones -

* 2.2.4 AE4: Unexpected Quantity of Characters in Username
<http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE4:_Unexpected_Quantity_of_Characters_in_Username>
* 2.2.5 AE5: Unexpected Quantity of Characters in Password
<http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE5:_Unexpected_Quantity_of_Characters_in_Password>
* 2.2.6 AE6: Unexpected Type of Character in Username
<http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE6:_Unexpected_Type_of_Character_in_Username>
* 2.2.7 AE7: Unexpected Type of Character in Password
<http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE7:_Unexpected_Type_of_Character_in_Password>

Instead of only focusing in on username/password parameters, the detection
should be something like -

* 2.1.7 RE7: Unexpected Quantity of Characters in Parameter
* 2.1.8 RE8: Unexpected Type of Characters in Parameter

BTW - I am working on these types of application profiling/learning
detection points for additions to the ModSecurity CRS.

-Ryan
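
An added example, not part of the original message and not AppSensor or ModSecurity code: a minimal per-parameter check that raises events under the RE7/RE8 identifiers proposed above. The parameter names, length bounds and character classes in `PROFILES` are constructed assumptions standing in for a learned application profile.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ParamProfile:
    min_len: int
    max_len: int
    allowed: re.Pattern  # class that every single character must match


# Constructed sample profile (assumption); a profiling/learning deployment
# would derive these bounds from observed legitimate traffic instead.
PROFILES = {
    "zip": ParamProfile(5, 10, re.compile(r"[0-9-]")),
    "comment": ParamProfile(0, 200, re.compile(r"[\w\s.,!?'-]")),
}


def check_request(params):
    """Return a list of (detection_point, parameter, detail) events."""
    events = []
    for name, value in params.items():
        profile = PROFILES.get(name)
        if profile is None:
            continue  # parameters without a profile are not judged here
        length = len(value)
        # RE7: unexpected quantity of characters in parameter
        if not profile.min_len <= length <= profile.max_len:
            detail = f"length {length} outside {profile.min_len}-{profile.max_len}"
            events.append(("RE7", name, detail))
        # RE8: unexpected type of characters in parameter
        bad = sorted({c for c in value if not profile.allowed.fullmatch(c)})
        if bad:
            detail = "unexpected characters: " + " ".join(repr(c) for c in bad)
            events.append(("RE8", name, detail))
    return events


if __name__ == "__main__":
    # Constructed sample request: one value violates both length and type.
    sample = {"zip": "90210-1234-extra", "comment": "Nice post!"}
    for event in check_request(sample):
        print(event)
```

Reporting the two conditions as separate events keeps the length and character-type signals independently countable per user or session.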
