[Owasp-appsensor-project] New Detection Point Candidate: New Parent Category - OutputException (OE)

Colin Watson colin.watson at owasp.org
Mon Oct 3 07:59:57 EDT 2011


Ryan

You are going in overdrive with fantastic ideas!

I have been reluctant to move/delete any detection points in the past,
but it is certainly true the DPs you mention are a bit different.  I
have used 'output/outcome/result-related' previously as a
view/classification of these types of detection points - so a
cross-cutting view instead of having their own specific category.  In
the same way we have signature vs. behavior, and attack vs.
suspicious, I would just classify some as 'output' instead of making a
new category.  My work on an XML format will hopefully make it easier
to re-order lists of DPs from lots of different views.

Of course as soon as I start thinking of input vs. output, it depends
on viewpoint.  A SQL data set could be considered an input to the
application.

But I like response time changes, but feel it maybe fits more
naturally in UT and/or ST?

Colin

On 30 September 2011 16:52, Ryan Barnett <ryan.barnett at owasp.org> wrote:
> We currently have InputException (IE) and this would be its counterpart and
> would include all issues related to inspecting the HTTP response.
> There are a number of current detection points that could move here -
>
> IE7: Detect Abnormal Content Output Structure – could actually move here to
> CIE2: Detect Abnormal Quantity of Returned Records
>
> There is also a new Detection Point for this category that I recommend -
> - Deviation from normal response time interval – which could detect if an
> application is under a resource DoS attack.
> So the new category could be this -
> OutputException (OE)
>
> OE1: Detect Abnormal Content Output Structure
> OE2: Detect Abnormal Quantity of Returned Records
> OE3: Deviation from normal response time interval
>
> Thoughts?
> --
> Ryan Barnett
>
>
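A sketch of how the proposed OE3 detection point (deviation from normal response time interval) could be evaluated, added here as an example and not code from the AppSensor project or from either poster. The class name, thresholds and sample timings are assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class ResponseTimeMonitor:
    """Per-endpoint response-time baseline; all parameter values are assumptions."""
    alpha: float = 0.1      # EWMA smoothing factor
    k: float = 3.0          # allowed deviation, in baseline standard deviations
    sustain: int = 5        # consecutive abnormal responses before raising an event
    warmup: int = 20        # responses used only to learn the baseline
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0
    streak: int = 0

    def _learn(self, x: float) -> None:
        self.seen += 1
        if self.seen == 1:
            self.mean = x
            return
        delta = x - self.mean
        self.mean += self.alpha * delta
        self.var = (1 - self.alpha) * (self.var + self.alpha * delta * delta)

    def observe(self, seconds: float) -> bool:
        """Return True once per episode, when the deviation becomes sustained."""
        if self.seen < self.warmup:
            self._learn(seconds)
            return False
        # Floor sigma at 5% of the mean so a very flat baseline does not flag jitter.
        sigma = max(math.sqrt(self.var), 0.05 * self.mean)
        if abs(seconds - self.mean) > self.k * sigma:
            # Abnormal samples are not learned, so a slowdown in progress
            # does not become the new "normal" while it is being measured.
            self.streak += 1
            return self.streak == self.sustain
        self.streak = 0
        self._learn(seconds)
        return False

def detect(samples):
    """Indices in `samples` (seconds) at which the detection point fires."""
    mon = ResponseTimeMonitor()
    return [i for i, s in enumerate(samples) if mon.observe(s)]

# Constructed sample: 20 baseline responses, one isolated slow response,
# then six consecutive slow responses (resource exhaustion), then recovery.
SAMPLES = ([0.110 + 0.002 * (i % 10) for i in range(20)] + [0.120] * 3 + [0.900]
           + [0.120] * 3 + [0.850] * 6 + [0.120] * 2)

if __name__ == "__main__":
    print(detect(SAMPLES))
```

Requiring several consecutive abnormal responses keeps a single slow request from raising an event. A legitimate, permanent change in response time would need the baseline to be relearned.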

