[Owasp-appsensor-project] Additional Detection Points - Utilization of Common User Names

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:19:57 EDT 2010

Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 11:02:45 EST 2009

Common dictionary user names (e.g. "administrator", "admin" or "test")
are used to attempt to log into the application.  This may enhance the
seriousness of AE1 Use of Multiple Usernames.

Suggested categorization
AE12 Utilization of Common User Names

*** Or could just be an instance of proposed IE3 Violation of
Implemented Black Lists ? ***
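
The detection point proposed above, sketched as an added example (not part of the original post and not AppSensor code): login attempts using a dictionary name raise AE12, and that hit raises the severity of AE1 for the same source. The dictionary entries beyond the three named in the post, the AE1 threshold, the severity labels and the sample attempts are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict

# Assumed dictionary; the post names only "administrator", "admin" and "test".
COMMON_USERNAMES = {"administrator", "admin", "test", "root", "guest"}
AE1_THRESHOLD = 3  # assumed: distinct usernames per source before AE1 fires


def normalize(username):
    """Fold case, padding and Unicode compatibility forms before lookup."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


def detect(attempts):
    """attempts: iterable of (source, username) login attempts, in order.
    Returns a list of (source, detection_point, severity) events."""
    seen = defaultdict(set)   # source -> distinct normalized usernames tried
    common_hit = set()        # sources that tried a dictionary name
    ae1_reported = {}         # source -> AE1 severity already reported
    events = []
    for source, username in attempts:
        name = normalize(username)
        seen[source].add(name)
        if name in COMMON_USERNAMES:
            common_hit.add(source)
            events.append((source, "AE12", "medium"))  # assumed severity label
        if len(seen[source]) >= AE1_THRESHOLD:
            # A dictionary name from the same source makes AE1 more serious.
            severity = "high" if source in common_hit else "medium"
            if ae1_reported.get(source) != severity:
                ae1_reported[source] = severity
                events.append((source, "AE1", severity))
    return events


# Constructed sample attempts (documentation address ranges).
SAMPLE = [
    ("198.51.100.7", "alice"), ("198.51.100.7", "bob"), ("198.51.100.7", "carol"),
    ("198.51.100.7", "Admin "),                  # padded, mixed case
    ("203.0.113.9", "dave"), ("203.0.113.9", "dave"),
    ("192.0.2.44", "\uff34\uff25\uff33\uff34"),  # fullwidth "TEST"
]

if __name__ == "__main__":
    for event in detect(SAMPLE):
        print(event)
```

Normalizing before the lookup matters because a plain string comparison would miss the padded and fullwidth variants in the sample.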
