CW
Colin Watson
Fri, Jun 22, 2012 7:43 AM
Frederic
Either, the analysis could be performed at the application level, or by an analysis engine.
Colin
----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau@websurf.be]
To: Colin Watson
[mailto:colin@watsonhall.com]
Sent: Wed, 20 Jun 2012 15:25:50 +0100
Subject:
Re: Fraud detection system
Dos these rules should be implemented at application level or it could be
done afterwards based on "powerfull" data analysis engine?
On Tue, Jun 19, 2012 at 9:15 AM, Colin Watson colin@watsonhall.com wrote:
Frederic
Yes, you have to come up with some rules, but it could be implemented in a
manner that collects all anomalies and analyses that data. And as Greg
says, it depends on the context.
What you might consider to be fraudulent for one user you might let
another user get away with (within limits).
Colin
----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau@websurf.be]
To: Colin Watson
[mailto:colin@watsonhall.com]
Sent: Mon, 18 Jun 2012 20:56:53 +0100
Subject:
Re: Fraud detection system
Hello,
i m avare about this project ans we havé starter its implémentation in
applications.
However, it s not like intelligent system which analisis behaviors. It
requires some programmation each time we would like to detect new
and scenarion? Right? Am i wrong?
However, the idea of the project is very good ;)
Le lundi 18 juin 2012, Colin Watson a écrit :
Frederic
If your application can assess a user's behaviour, it could also make
decisions on business-rules concerning attempted fraud, or signal
information that might be of use to external fraud analysis engines
often do not know the context of a suspicious event.
I contribute some effort to OWASP's AppSensor project, which provides
ideas along these lines:
https://www.owasp.org/index.php/OWASP_AppSensor_Project
http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3
Hello,
I'm wondering if there are some stuffs to do at application level to
increvable efficuency of fraud detection system?
Thanks
Frederic
Either, the analysis could be performed at the application level, or by an analysis engine.
Colin
----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau@websurf.be]
To: Colin Watson
[mailto:colin@watsonhall.com]
Sent: Wed, 20 Jun 2012 15:25:50 +0100
Subject:
Re: Fraud detection system
> Dos these rules should be implemented at application level or it could be
> done afterwards based on "powerfull" data analysis engine?
>
> On Tue, Jun 19, 2012 at 9:15 AM, Colin Watson <colin@watsonhall.com> wrote:
>
> > Frederic
> >
> > Yes, you have to come up with some rules, but it could be implemented in a
> > manner that collects all anomalies and analyses that data. And as Greg
> > says, it depends on the context.
> >
> > What you might consider to be fraudulent for one user you might let
> > another user get away with (within limits).
> >
> > Colin
> >
> >
> > ----- Original Message -----
> > From: Lebeau Frederic
> > [mailto:frederic.lebeau@websurf.be]
> > To: Colin Watson
> > [mailto:colin@watsonhall.com]
> > Sent: Mon, 18 Jun 2012 20:56:53 +0100
> > Subject:
> > Re: Fraud detection system
> >
> >
> > > Hello,
> > > i m avare about this project ans we havé starter its implémentation in
> > our
> > > applications.
> > > However, it s not like intelligent system which analisis behaviors. It
> > > requires some programmation each time we would like to detect new
> > patterns
> > > and scenarion? Right? Am i wrong?
> > >
> > > However, the idea of the project is very good ;)
> > >
> > > Le lundi 18 juin 2012, Colin Watson a écrit :
> > >
> > > > Frederic
> > > >
> > > > If your application can assess a user's behaviour, it could also make
> > > > decisions on business-rules concerning attempted fraud, or signal
> > > > information that might be of use to external fraud analysis engines
> > which
> > > > often do not know the context of a suspicious event.
> > > >
> > > > I contribute some effort to OWASP's AppSensor project, which provides
> > some
> > > > ideas along these lines:
> > > >
> > > > https://www.owasp.org/index.php/OWASP_AppSensor_Project
> > > >
> > > > http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3
> > > >
> > > >
> > > >
> > >
> >
> http://michael-coates.blogspot.com/2010/06/online-presentation-thursday-automated.html
> > > >
> > > >
> > > >
> > >
> >
> http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-0-Issue.pdf
> > > >
> > > >
> > > >
> > >
> >
> http://www.jtmelton.com/2012/05/01/year-of-security-for-java-week-18-perform-application-layer-intrusion-detection/
> > > >
> > > > Regards
> > > >
> > > > Colin
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Lebeau Frederic
> > > > [mailto:frederic.lebeau@websurf.be <javascript:;>]
> > > > To: websecurity@webappsec.org <javascript:;>
> > > > Sent: Sat,
> > > > 16 Jun 2012 19:55:14 +0100
> > > > Subject: [WEB SECURITY] Fraud detection system
> > > >
> > > >
> > > > > Hello,
> > > > >
> > > > > I'm wondering if there are some stuffs to do at application level to
> > > > > increvable efficuency of fraud detection system?
> > > > >
> > > > > Thanks
> > > > >
> > > >
> > >
> >
>