[Owasp-appsensor-project] New Unexpected Type/Quantity Detection Points

Colin Watson colin.watson at owasp.org
Wed Aug 3 09:11:58 EDT 2011


I have now at last added RE7 and RE8 to my document presented at AppSec DC 2010:

https://www.owasp.org/index.php/File:Appsensor-planning.zip

All the tables and charts have been updated.

This document also includes mention of a response action called "ASR-P
No Response" to be used when an event needs to be logged and a
positive record kept that no AppSensor response was triggered, e.g. an
event which hasn't met the threshold.

The wiki has been updated to mention ASR-P.

Colin

On 28 January 2011 13:03, Colin Watson <colin.watson at owasp.org> wrote:
> Added:
>
> http://www.owasp.org/index.php/AppSensor_DetectionPoints#RE7:_Unexpected_Quantity_of_Characters_in_Parameter
>
> http://www.owasp.org/index.php/AppSensor_DetectionPoints#RE8:_Unexpected_Type_of_Characters_in_Parameter
>
> http://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Detection_Points
>
> Colin
>
> On 2 November 2010 07:39, Colin Watson <colin.watson at owasp.org> wrote:
>> Ryan
>>
>> I think these are worth adding.  They are more general cases of the
>> AuthenticationException ones.  It is good to have both since
>> thresholds and responses may be different.
>>
>> I have a chart of relationships between detection points in my
>> presentation next week at AppSec DC 2010.  RE7 and RE8 won't be on it
>> though!
>>
>> Colin
>>
>> On 1 November 2010 18:47, Ryan Barnett <rcbarnett at gmail.com> wrote:
>>> I suggest that we add a new Detection Point in the RequestException category
>>> similar to the following AuthenticationException ones -
>>>
>>> 2.2.4 AE4: Unexpected Quantity of Characters in Username
>>> <http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE4:_Unexpected_Quantity_of_Characters_in_Username>
>>> 2.2.5 AE5: Unexpected Quantity of Characters in Password
>>> <http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE5:_Unexpected_Quantity_of_Characters_in_Password>
>>> 2.2.6 AE6: Unexpected Type of Character in Username
>>> <http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE6:_Unexpected_Type_of_Character_in_Username>
>>> 2.2.7 AE7: Unexpected Type of Character in Password
>>> <http://www.owasp.org/index.php/AppSensor_DetectionPoints#AE7:_Unexpected_Type_of_Character_in_Password>
>>>
>>> Instead of only focusing in on username/password parameters, the detection
>>> should be something like -
>>>
>>> 2.1.7 RE7: Unexpected Quantity of Characters in Parameter
>>> 2.1.8 RE8: Unexpected Type of Characters in Parameter
>>>
>>> BTW – I am working on these types of application profiling/learning
>>> detection points for additions to the ModSecurity CRS.
>>>
>>> -Ryan
>>>
>>> _______________________________________________
>>> Owasp-appsensor-project mailing list
>>> Owasp-appsensor-project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>>>
>>>
>>
>
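As an added illustration of the RE7/RE8 checks and the "ASR-P No Response" outcome discussed in this thread (example code written here, not AppSensor's or the ModSecurity CRS's own): the per-parameter profile, the threshold of three events and the placeholder name for the over-threshold response are assumptions.

```python
import re
from collections import defaultdict

# Constructed per-parameter profile (an assumption, not AppSensor's own format):
# the maximum expected length and a regex describing the expected character type.
PARAMETER_PROFILE = {
    "username": {"max_len": 32,  "allowed": re.compile(r"^[A-Za-z0-9._-]*$")},
    "age":      {"max_len": 3,   "allowed": re.compile(r"^[0-9]*$")},
    # free text: printable characters, tab and newline only
    "comment":  {"max_len": 500, "allowed": re.compile(r"^[^\x00-\x08\x0b\x0c\x0e-\x1f]*$")},
}

THRESHOLD = 3  # events per user and detection point before a response fires (assumed)


def detect(params, profile=PARAMETER_PROFILE):
    """Return (detection point, parameter) events for values outside the profile."""
    events = []
    for name, value in params.items():
        spec = profile.get(name)
        if spec is None:
            continue  # unprofiled parameter; other detection points would cover it
        if len(value) > spec["max_len"]:
            events.append(("RE7", name))  # Unexpected Quantity of Characters in Parameter
        if not spec["allowed"].match(value):
            events.append(("RE8", name))  # Unexpected Type of Characters in Parameter
    return events


class EventStore:
    """Counts events per (user, detection point) and records the response decision."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.counts = defaultdict(int)
        self.log = []  # every event is logged, whether or not a response fires

    def record(self, user, params):
        decisions = []
        for dp, name in detect(params):
            self.counts[(user, dp)] += 1
            if self.counts[(user, dp)] >= self.threshold:
                response = "RESPONSE_ABOVE_THRESHOLD"  # placeholder for a real response action
            else:
                response = "ASR-P"  # No Response: logged, threshold not yet met
            self.log.append((user, dp, name, response))
            decisions.append((dp, name, response))
        return decisions
```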

