[Owasp-appsensor-project] AppSensor Response Actions

Stephanie S security.stephanie at gmail.com
Fri Sep 21 20:10:54 UTC 2012


I'm thinking about implementing the concept of AppSensor in my project and
am wondering about the thresholds for Response Actions.

For example, if a user has had a number of input violation errors that are
clearly related to attempts to circumvent the application, should the
internal tracking of this activity be limited to the user's current
session? Or persist session to session?

For example, if the system has a threshold of 3 violations before logout
and in the current session the user has had 3 violations, that would
constitute a logout. But if the user in the current session had 2
violations, logged out, then logged back in, and had another violation,
should the logout occur?

Basically, I'm asking -- is there a recommended basis for interval that
this occurs? By session or by a time period like 24 hours?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20120921/c960ccbe/attachment.html>

More information about the Owasp-appsensor-project mailing list