
Detecting suspicious behaviour in a web application - what to look for?

I would like to ask the proactive (or paranoid;) among us: What are you looking for, and how?

I'm thinking mainly about things that can be watched for programmatically, rather than manually inspecting logs.

For example:

  • Manual/automated hack attempts.
  • Data skimming.
  • Bot registrations (that have evaded captcha etc.).
  • Other unwanted behaviour.

Just wondering what most people would consider practical and effective.

Preventative stuff (like user input sanitization) is of course crucial, but in the case of this question I'm more interested in detecting a potential threat. In this case I'm interested in the burglar alarm, rather than the locks.

An example of the kind of thing I'm talking about exists here on SO. If you make too many modifications to a question in a short period of time, it brings up a captcha to make sure you're not a bot.

UpTheCreek asked May 08 '10 17:05
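The "too many modifications in a short period" trigger mentioned in the question can be implemented as a per-actor sliding-window counter. The sketch below is an added example, not part of the original post or of any site's real implementation; the class name, the actor and action labels, and the threshold of 5 actions per 60 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class ActionRateMonitor:
    """Flags an actor who performs more than `limit` actions within `window` seconds."""

    def __init__(self, limit=5, window=60.0):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)  # (actor, action) -> recent timestamps

    def record(self, actor, action, ts):
        """Record one action; return 'challenge' if a captcha should be shown, else 'allow'."""
        q = self._events[(actor, action)]
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)
        return "challenge" if len(q) > self.limit else "allow"

    def prune(self, now):
        """Forget idle actors so the table does not grow without bound."""
        idle = [k for k, q in self._events.items() if not q or now - q[-1] >= self.window]
        for key in idle:
            del self._events[key]


# Constructed sample events: (seconds since start, actor, action).
SAMPLE_EVENTS = [
    (0, "user:41", "edit_question"), (4, "user:41", "edit_question"),
    (9, "user:41", "edit_question"), (13, "user:41", "edit_question"),
    (15, "user:7", "edit_question"),    # a different user is counted separately
    (18, "user:41", "edit_question"),   # 5th edit: still within the limit
    (21, "user:41", "edit_question"),   # 6th edit inside 60 s: challenge
    (200, "user:41", "edit_question"),  # window has expired: allowed again
]


def run_sample(events=SAMPLE_EVENTS):
    monitor = ActionRateMonitor(limit=5, window=60.0)
    return [(ts, actor, monitor.record(actor, action, ts)) for ts, actor, action in events]


if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

Keying the counter on the account and also on the source IP lets the same check cover both logged-in users and bot registrations from a single address.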


1 Answer

Three pointers for you:

  1. Sanitize user input
  2. Sanitize user input
  3. Sanitize user input

Remember it, and remember it good.

LukeN answered Jun 03 '23 10:06
