[Owasp-appsensor-project] Additional Detection Points - Suspicious External User Behavior

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:29:16 EDT 2010

Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 13:32:39 EST 2009

External (to the application) devices and systems (e.g. host and
network IDS, file integrity monitoring, disk usage monitoring,
anti-malware service, IPS, network firewall, web application firewall,
web server logging, XML gateway, database firewall, SIEM) have
detected anomalous behavior by the user (e.g. session or IP address).

Suggested categorization
In the suggested new category "Reputation" (see RP1 Suspicious User IP Address)
RP2 Suspicious External User Behavior

More information about the Owasp-appsensor-project mailing list