[Owasp-appsensor-project] New Unexpected Type/Quantity Detection Points
colin.watson at owasp.org
Wed Aug 3 09:11:58 EDT 2011
I have now at last added RE7 and RE8 to my document presented at AppSec DC 2010:
All the tables and charts have been updated.
This document also includes mention of a response action called "ASR-P
No Response", to be used when an event needs to be logged with a
positive record that no AppSensor response was triggered, e.g. an
event which hasn't met the threshold.
The wiki has been updated to mention ASR-P.
On 28 January 2011 13:03, Colin Watson <colin.watson at owasp.org> wrote:
> On 2 November 2010 07:39, Colin Watson <colin.watson at owasp.org> wrote:
>> I think these are worth adding. They are more general cases of the
>> AuthenticationException ones. It is good to have both since
>> thresholds and responses may be different.
>> I have a chart of relationships between detection points in my
>> presentation next week at AppSec DC 2010. RE7 and RE8 won't be on it
>> On 1 November 2010 18:47, Ryan Barnett <rcbarnett at gmail.com> wrote:
>>> I suggest that we add a new Detection Point in the RequestException category
>>> similar to the following AuthenticationException ones -
>>> 2.2.4 AE4: Unexpected Quantity of Characters in Username
>>> 2.2.5 AE5: Unexpected Quantity of Characters in Password
>>> 2.2.6 AE6: Unexpected Type of Character in Username
>>> 2.2.7 AE7: Unexpected Type of Character in Password
>>> Instead of only focusing in on username/password parameters, the detection
>>> should be something like -
>>> 2.1.7 RE7: Unexpected Quantity of Characters in Parameter
>>> 2.1.8 RE8: Unexpected Type of Characters in Parameter
>>> BTW – I am working on these types of application profiling/learning
>>> detection points for additions to the ModSecurity CRS.
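The following is an added example (not AppSensor project code, and not the ModSecurity CRS rules Ryan mentions) showing how the detection points discussed in this thread fit together: RE7/RE8 as the general parameter-profiling cases, AE4-AE7 kept separately for credentials so they can carry their own thresholds, and "ASR-P No Response" recorded when an event is logged but its threshold has not been met. The parameter profiles, threshold values and every response code other than ASR-P are assumptions chosen for illustration; the sample requests are constructed.

```python
"""Toy AppSensor-style detector for the RE7/RE8 and AE4-AE7 detection points.

Added example, not AppSensor project code.  Profiles, thresholds and the
response codes other than "ASR-P No Response" are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ParamProfile:
    """Expected shape of one request parameter (assumed profile)."""
    min_len: int
    max_len: int
    allowed: str          # regex character class of permitted characters
    quantity_dp: str      # detection point for an unexpected length
    type_dp: str          # detection point for an unexpected character


# Credentials keep the specific AE detection points; every other parameter
# falls under the general RE7/RE8 ones, so thresholds and responses can differ.
PROFILES = {
    "username": ParamProfile(3, 32, r"[A-Za-z0-9._-]", "AE4", "AE6"),
    "password": ParamProfile(8, 128, r"[!-~]", "AE5", "AE7"),  # printable ASCII, no space
    "page":     ParamProfile(1, 3, r"[0-9]", "RE7", "RE8"),
    "q":        ParamProfile(0, 64, r"[A-Za-z0-9 ]", "RE7", "RE8"),
}

# Events per user before a response fires (assumed values).
THRESHOLDS = {"AE4": 3, "AE5": 3, "AE6": 2, "AE7": 2, "RE7": 3, "RE8": 2}

# Response taken once the threshold is reached (codes other than ASR-P assumed).
RESPONSES = {
    "AE4": "ASR-K Account Lockout", "AE5": "ASR-K Account Lockout",
    "AE6": "ASR-K Account Lockout", "AE7": "ASR-K Account Lockout",
    "RE7": "ASR-B Administrator Notification",
    "RE8": "ASR-B Administrator Notification",
}
NO_RESPONSE = "ASR-P No Response"


def check_param(name, value):
    """Return (detection_point, detail) pairs raised by one parameter value."""
    prof = PROFILES.get(name)
    if prof is None:
        return []              # unprofiled parameter: nothing to compare against
    events = []
    if not prof.min_len <= len(value) <= prof.max_len:
        events.append((prof.quantity_dp,
                       f"{name}: length {len(value)} outside "
                       f"[{prof.min_len}, {prof.max_len}]"))
    # Strip every allowed character; whatever is left is unexpected.
    unexpected = sorted(set(re.sub(prof.allowed, "", value)))
    if unexpected:
        events.append((prof.type_dp, f"{name}: unexpected characters {unexpected}"))
    return events


class AppSensor:
    """Counts events per (user, detection point) and selects a response."""

    def __init__(self):
        self.counts = defaultdict(int)
        self.log = []          # every event is logged, even when ASR-P applies

    def process(self, user, params):
        """Evaluate one request; return the response chosen for each event."""
        actions = []
        for name, value in params.items():
            for dp, detail in check_param(name, value):
                self.counts[(user, dp)] += 1
                n = self.counts[(user, dp)]
                action = RESPONSES[dp] if n >= THRESHOLDS[dp] else NO_RESPONSE
                self.log.append((user, dp, n, detail, action))
                actions.append(action)
        return actions


def run_demo():
    """Constructed requests from one user; returns (actions per request, sensor)."""
    sensor = AppSensor()
    requests = [
        {"page": "2", "q": "owasp appsensor"},           # benign
        {"page": "2' OR 1=1--"},                         # RE7 + RE8, below threshold
        {"q": "<script>alert(1)</script>"},              # second RE8 -> response fires
        {"username": "ad'min", "password": "hunter2"},   # AE6 and AE5, first events
    ]
    return [sensor.process("alice", r) for r in requests], sensor


if __name__ == "__main__":
    actions, sensor = run_demo()
    for entry in sensor.log:
        print(entry)
```

The point the thread makes about thresholds is visible in the demo: the SQL-looking `page` value raises RE7 and RE8 but only gets "ASR-P No Response" recorded, and it is the second RE8 event for the same user (the script tag in `q`) that crosses the threshold and triggers a response. A real deployment would derive the profiles from observed traffic rather than hard-code them, and would scope counts by session or source as well as by user.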