[Owasp-appsensor-project] Additional Detection Points - Violation of Input Data Integrity
jtmelton at gmail.com
Thu Jun 10 09:05:41 EDT 2010
agreed ... that sounds good then.
On Thu, Jun 10, 2010 at 4:17 AM, Colin Watson <colin.watson at owasp.org> wrote:
> ACE1 and ACE2 mention "... for Direct Object Access Attempts"
> explicitly, but I was thinking that tampering with data is a wider
> subject. It might just be some plain text or a date that doesn't
> reference an object, but it's still important to preserve the
> integrity of that.
> On 10 June 2010 02:56, John Melton <jtmelton at gmail.com> wrote:
> > for this one, I don't think it's unique enough based on the
> > description ... get/post is already covered. If you're talking about
> > creating "honeypot" parms as mentioned in the source file, then I'd
> > say sure, but not with the description as written. Also, http header
> > manipulation might be unique enough, since cookies and get/post parms
> > are already covered.