[WEB SECURITY] Fraud detection system
Greg Knaddison
greg.knaddison at acquia.com
Mon Jun 18 16:01:01 EDT 2012
On Mon, Jun 18, 2012 at 10:53 AM, Christoph Gruber <list at guru.at> wrote:
>
> Fraud is activity which cannot be detected at this layer. You should look for fraud detection software for your transaction system at the backend.
>
That seems like a claim that needs more proof or more explanation.
I would say you can look for attempts at fraud at the web application
layer. If a user is presented a form that includes a dropdown with
some options and they send back a POST that includes options they
don't have access to this is a detectable fraudulent action. When
faced with that behavior some applications will simply deny the action
while others will log it and block access - the appropriate behavior
depends on the context.
Regards,
Greg
--
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com
More information about the websecurity
mailing list