Comments on Manicode: Facebook Throttling Rate of New Friends

Jim Manico, 2009-02-19T11:54:00.000-10:00

Ofer, I think your comment is brilliant - to the point where the topic you are discussing is being considered for the next OWASP Top Ten.

Ofer Shezaf, 2009-02-18T12:03:00.000-10:00

I think that insufficient anti-automation is fast becoming a major web application security issue.

According to the Web Hacking Incidents database which I run, "insufficient anti-automation" is fast becoming one of the two major threats to web applications. You can find some noteworthy insufficient anti-automation incidents at http://www.xiom.com/whid-list/Automation.

However, not all anti-automation issues are reported as such at WHID; for example, brute force attacks, which are essentially also insufficient anti-automation, are usually classified as authentication issues.

Michael Coates, 2009-02-16T08:17:00.000-10:00

This kind of defensive thinking is exactly what our applications need.

There is a normal use of the application, there's usage which may be excessive, and then there is downright irregularity that is malicious.

Detecting excessive anomalous user activity or malicious attacks from the user should generate a system alert and an automated response. These are exactly the types of issues we're tackling in the OWASP AppSensor project. Check it out if you're interested.

-Michael