[Owasp-appsensor-project] Change to Detection Points - SE6 Change Of User Agent Mid Session

Colin Watson colin.watson at owasp.org
Thu Jun 10 03:41:48 EDT 2010


> I vote for splitting out into a new issue, since the name does denote the
> user agent changing, which most people associate w/ that one header, for
> better or worse.

Yes, the name perhaps restricts the change.  It's just that its quite
like very similar code could be used to record/check this e.g. a
single hash of a concatenation of the three headers stored with
against the session.

Maybe SE6 could say "optionally also include...." if we are allowing
the detection points to be less prescriptive?


More information about the Owasp-appsensor-project mailing list