[WEB SECURITY] Fraud detection system

Colin Watson colin at watsonhall.com
Fri Jun 22 03:43:49 EDT 2012 

Frederic

Either, the analysis could be performed at the application level, or by an analysis engine.

Colin


----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau at websurf.be]
To: Colin Watson
[mailto:colin at watsonhall.com]
Sent: Wed, 20 Jun 2012 15:25:50 +0100
Subject:
Re: Fraud detection system


> Dos these rules should be implemented at application level or it could be
> done afterwards based on "powerfull" data analysis engine?
> 
> On Tue, Jun 19, 2012 at 9:15 AM, Colin Watson <colin at watsonhall.com> wrote:
> 
> > Frederic
> >
> > Yes, you have to come up with some rules, but it could be implemented in a
> > manner that collects all anomalies and analyses that data. And as Greg
> > says, it depends on the context.
> >
> > What you might consider to be fraudulent for one user you might let
> > another user get away with (within limits).
> >
> > Colin
> >
> >
> > ----- Original Message -----
> > From: Lebeau Frederic
> > [mailto:frederic.lebeau at websurf.be]
> > To: Colin Watson
> > [mailto:colin at watsonhall.com]
> > Sent: Mon, 18 Jun 2012 20:56:53 +0100
> > Subject:
> > Re: Fraud detection system
> >
> >
> > > Hello,
> > > i m avare about this project ans we havé starter its implémentation in
> > our
> > > applications.
> > > However, it s not like intelligent system which analisis behaviors. It
> > > requires some programmation each time we would like to detect new
> > patterns
> > > and scenarion? Right? Am i wrong?
> > >
> > > However, the idea of the project is very good ;)
> > >
> > > Le lundi 18 juin 2012, Colin Watson a écrit :
> > >
> > > > Frederic
> > > >
> > > > If your application can assess a user's behaviour, it could also make
> > > > decisions on business-rules concerning attempted fraud, or signal
> > > > information that might be of use to external fraud analysis engines
> > which
> > > > often do not know the context of a suspicious event.
> > > >
> > > > I contribute some effort to OWASP's AppSensor project, which provides
> > some
> > > > ideas along these lines:
> > > >
> > > >    https://www.owasp.org/index.php/OWASP_AppSensor_Project
> > > >
> > > >    http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3
> > > >
> > > >
> > > >
> > >
> >
> http://michael-coates.blogspot.com/2010/06/online-presentation-thursday-automated.html
> > > >
> > > >
> > > >
> > >
> >
> http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-0-Issue.pdf
> > > >
> > > >
> > > >
> > >
> >
> http://www.jtmelton.com/2012/05/01/year-of-security-for-java-week-18-perform-application-layer-intrusion-detection/
> > > >
> > > > Regards
> > > >
> > > > Colin
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Lebeau Frederic
> > > > [mailto:frederic.lebeau at websurf.be <javascript:;>]
> > > > To: websecurity at webappsec.org <javascript:;>
> > > > Sent: Sat,
> > > > 16 Jun 2012 19:55:14 +0100
> > > > Subject: [WEB SECURITY] Fraud detection system
> > > >
> > > >
> > > > > Hello,
> > > > >
> > > > > I'm wondering if there are some stuffs to do at application level to
> > > > > increvable efficuency of fraud detection system?
> > > > >
> > > > > Thanks
> > > > >
> > > >
> > >
> >
>

More information about the websecurity mailing list