[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:18:27 EDT 2010

Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST 2009

The application receives HTTP header or body parameter (argument?)
values which have been tampered with when no change should have
occurred (e.g. modification of hidden fields, alteration of select
list values).

Suggested categorization
IE4 Violation of Input Data Integrity

*** Is this different enough to ACE1 and ACE2 - it is more general
than direct object access ? ***

More information about the Owasp-appsensor-project mailing list