Secure Code Warrior, profile picture
Uploaded bySecure Code Warrior
PPTX, PDF116 views

Secure Code Warrior - Logging

The document discusses the importance of logging application security events to prevent and investigate security incidents effectively. It emphasizes the need for a proper logging framework to record authentication attempts while avoiding the logging of sensitive information. Key recommendations include centralizing logs, monitoring suspicious events, and restricting access to authorized personnel.

Embed presentation

Downloaded 10 times
Logging Application Security Fundamentals by Secure Code Warrior Limited is licensed under CC BY-ND 4.0
The application doesn’t log security-related information or simply doesn’t log anything at all. The opposite can happen as well: an application logs confidential information. What could happen? Security-related incidents cannot be properly investigated due to a lack of evidence. In case confidential data is logged, an attacker could get a hold of it. How to implement it? Use a logging framework to log all interesting events in appropriate detail with the necessary variables. Restrict access to authorized individuals. What’s the concept about?
An application uses a logging mechanism that stores information about authentication events. Suspicious events are being actively monitored. The login attempts are being logged. Since the logs are being monitored, the administrator is made aware of the attack on his account. Using detailed information of the log file, the incident response team is able to get more information about the attacker and his attack. An attacker wants to crack the password of the admin account. He performs a series of login attempts using a password list. 123456 password qwerty 12345678 abc123 … passwords.txt Logging authentication events Logging Understanding the concept Web application Event: [Login Failed (1)] User: admin, IP: 123.123.123.123 Event: [Login Failed (2)] User: admin, IP: 123.123.123.123 Event: [Login Failed (3)] User: admin, IP: 123.123.123.123 Event: [Login Failed (4)] User: admin, IP: 123.123.123.123 … EventLog.logadmin ********* Password Login
An application without logging mechanism that stores information about authentication events, such as successful or failed logins. Because no lockout mechanism exists, the attacker can try all possible passwords from the list. No login attempt is being logged. The admin does not realize his account is being attacked and compromised. If he discovers the account takeover, he has no way of analyzing the attack. An attacker wants to crack the password of the admin account. He performs a series of login attempts using a password list. 123456 password qwerty 12345678 abc123 … passwords.txt Missing authentication logging Logging What could happen with the concept? Web application Event: [Login Failed (1)] User: admin, IP: 123.123.123.123 Event: [Login Failed (2)] User: admin, IP: 123.123.123.123 Event: [Login Failed (3)] User: admin, IP: 123.123.123.123 Event: [Login Failed (4)] User: admin, IP: 123.123.123.123 … EventLog.logadmin ********* Password Login
… Event: [Successful login] User: John, Password: ********* … EventLog.log A web application logs all relevant activity of its users. By exploiting a vulnerability of the site, an attacker is able to access the log file of the application. Because no sensitive information is present in the log, the attacker doesn’t have information to mount an attack against user accounts. A user logs into the system with its user and password. This event is logged to a log file. No sensitive information like the password is included. No sensitive information in log file Logging Understanding the concept Web application http://site.com/?page=../../../../EventLog.log Login: John, Password: Y6ZGFIR84
… Event: [Successful login] User: John, Password: Y6ZGFIR84 … EventLog.log A web application logs all relevant activity of its users. By exploiting a vulnerability of the site, an attacker is able to access the log file of the application. Because user passwords are kept in the log file, the attacker is able to steal the accounts of all the users listed in the log. A user logs into the system with its user and password. This event is logged to a log file. The password is included in the log. Plaint text passwords in log file Logging What could happen with the concept? Web application http://site.com/?page=../../../../EventLog.log Login: John, Password: Y6ZGFIR84
Logging Typical controls Centralize logging using a framework. Log activity through all of the application tiers. Log key events. Successful and failed logon attempts, modification and retrieval of data, … Log relevant information (the 5 W’s of logging) What happened, when, where (host, network interface, ..), who was involved, where did it come from? Avoid logging private information such as passwords or credit card information. Restrict access to logs to authorized individuals.

More Related Content

PPTX
Secure Code Warrior - Defense in depth
bySecure Code Warrior
 
PPT
Web Application Security
byColin English
 
PPTX
Security Testing for Web Application
byPrecise Testing Solution
 
PPTX
Owasp top 10 2017
byibrahimumer2
 
PPTX
Security Testing For Web Applications
byVladimir Soghoyan
 
PPT
Step by step guide for web application security testing
byAvyaan, Web Security Company in India
 
PPTX
Secure Code Warrior - Trust no input
bySecure Code Warrior
 
PPTX
Owasp first5 presentation
byAshwini Paranjpe
 
Secure Code Warrior - Defense in depth
bySecure Code Warrior
 
Web Application Security
byColin English
 
Security Testing for Web Application
byPrecise Testing Solution
 
Owasp top 10 2017
byibrahimumer2
 
Security Testing For Web Applications
byVladimir Soghoyan
 
Step by step guide for web application security testing
byAvyaan, Web Security Company in India
 
Secure Code Warrior - Trust no input
bySecure Code Warrior
 
Owasp first5 presentation
byAshwini Paranjpe
 

What's hot

PDF
Owasp top 10
byYasserElsnbary
 
PDF
Web Application Security 101
byCybersecurity Education and Research Centre
 
PPTX
Security Testing Training With Examples
byAlwin Thayyil
 
PPTX
Security testing
byKhizra Sammad
 
PPS
Security testing
byTabăra de Testare
 
PPTX
How to Test for The OWASP Top Ten
bySecurity Innovation
 
PDF
Security testing presentation
byConfiz
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PPTX
IT security : Keep calm and monitor PowerShell
byManageEngine
 
PDF
Web application sec_3
byvhimsikal
 
PPTX
OWASP Top 10 - 2017 Top 10 web application security risks
byKun-Da Wu
 
PPT
Bitrix Software Security
byFTS Capital Group Sp. z o.o.
 
PDF
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
byLenur Dzhemiliev
 
PPTX
Web Application Vulnerabilities
byPreetish Panda
 
PPTX
A7 Missing Function Level Access Control
bystevil1224
 
PPTX
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
PPTX
8 must dos for a perfect privileged account management strategy
byManageEngine
 
PPTX
Exploiting parameter tempering attack in web application
byVishal Kumar
 
PDF
The Complete Web Application Security Testing Checklist
byCigital
 
PDF
Web Application Security 101 - 04 Testing Methodology
byWebsecurify
 
Owasp top 10
byYasserElsnbary
 
Web Application Security 101
byCybersecurity Education and Research Centre
 
Security Testing Training With Examples
byAlwin Thayyil
 
Security testing
byKhizra Sammad
 
Security testing
byTabăra de Testare
 
How to Test for The OWASP Top Ten
bySecurity Innovation
 
Security testing presentation
byConfiz
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
IT security : Keep calm and monitor PowerShell
byManageEngine
 
Web application sec_3
byvhimsikal
 
OWASP Top 10 - 2017 Top 10 web application security risks
byKun-Da Wu
 
Bitrix Software Security
byFTS Capital Group Sp. z o.o.
 
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
byLenur Dzhemiliev
 
Web Application Vulnerabilities
byPreetish Panda
 
A7 Missing Function Level Access Control
bystevil1224
 
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
8 must dos for a perfect privileged account management strategy
byManageEngine
 
Exploiting parameter tempering attack in web application
byVishal Kumar
 
The Complete Web Application Security Testing Checklist
byCigital
 
Web Application Security 101 - 04 Testing Methodology
byWebsecurify
 

Viewers also liked

PPTX
Secure Code Warrior - Local storage
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Secure by default
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Privacy
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Cookies and sessions
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Client side injection
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Insufficient data encoding
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Fail securely
bySecure Code Warrior
 
PPTX
Secure Code Warrior - XQuery injection
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Issues with origins
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Unrestricted file upload
bySecure Code Warrior
 
PPTX
Secure Code Warrior - CRLF injection
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Robust error checking
bySecure Code Warrior
 
PPTX
Secure Code Warrior - Least privilege
bySecure Code Warrior
 
Secure Code Warrior - Local storage
bySecure Code Warrior
 
Secure Code Warrior - Secure by default
bySecure Code Warrior
 
Secure Code Warrior - Privacy
bySecure Code Warrior
 
Secure Code Warrior - Cookies and sessions
bySecure Code Warrior
 
Secure Code Warrior - Client side injection
bySecure Code Warrior
 
Secure Code Warrior - Insufficient data encoding
bySecure Code Warrior
 
Secure Code Warrior - Fail securely
bySecure Code Warrior
 
Secure Code Warrior - XQuery injection
bySecure Code Warrior
 
Secure Code Warrior - Issues with origins
bySecure Code Warrior
 
Secure Code Warrior - Unrestricted file upload
bySecure Code Warrior
 
Secure Code Warrior - CRLF injection
bySecure Code Warrior
 
Secure Code Warrior - Robust error checking
bySecure Code Warrior
 
Secure Code Warrior - Least privilege
bySecure Code Warrior
 

Similar to Secure Code Warrior - Logging

PPT
Auditing.ppt
byssuser45a8a6
 
PDF
Understanding the Event Log
bychuckbt
 
PPTX
Eventlog
byShashi Kanth
 
PPTX
Power of logs: practices for network security
byInformation Technology Society Nepal
 
PPTX
Cm4 secure code_training_1day_error handling and logging
bydcervigni
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
PPTX
Security Practices - Logging.pptx
byAlireza Vafi
 
PPT
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
PPT
Logs = Accountability
byAnton Chuvakin
 
PPT
The importance of logs - DefCamp 2012
byDefCamp
 
PPTX
Log maintenance network securiy
byMohsin Ali
 
PPT
Application Logging Good Bad Ugly ... Beautiful?
byAnton Chuvakin
 
PPTX
Critical Log Review Checklist For Security Incidents
byJoe Shenouda
 
DOCX
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
byAnton Chuvakin
 
PPTX
09 application security fundamentals - part 2 - security mechanisms - logging
byappsec
 
PDF
Events Classification in Log Audit
byIJNSA Journal
 
PPT
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
PPT
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
PPTX
detection pptx siem analyst security for understanding
byMuhammadAriSetiawan2
 
Auditing.ppt
byssuser45a8a6
 
Understanding the Event Log
bychuckbt
 
Eventlog
byShashi Kanth
 
Power of logs: practices for network security
byInformation Technology Society Nepal
 
Cm4 secure code_training_1day_error handling and logging
bydcervigni
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
Security Practices - Logging.pptx
byAlireza Vafi
 
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
Logs = Accountability
byAnton Chuvakin
 
The importance of logs - DefCamp 2012
byDefCamp
 
Log maintenance network securiy
byMohsin Ali
 
Application Logging Good Bad Ugly ... Beautiful?
byAnton Chuvakin
 
Critical Log Review Checklist For Security Incidents
byJoe Shenouda
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
byAnton Chuvakin
 
09 application security fundamentals - part 2 - security mechanisms - logging
byappsec
 
Events Classification in Log Audit
byIJNSA Journal
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
detection pptx siem analyst security for understanding
byMuhammadAriSetiawan2
 

Recently uploaded

PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PPTX
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
PPTX
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PPTX
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 

Secure Code Warrior - Logging

  • 1.
    Logging Application Security Fundamentals bySecure Code Warrior Limited is licensed under CC BY-ND 4.0
  • 2.
    The application doesn’tlog security-related information or simply doesn’t log anything at all. The opposite can happen as well: an application logs confidential information. What could happen? Security-related incidents cannot be properly investigated due to a lack of evidence. In case confidential data is logged, an attacker could get a hold of it. How to implement it? Use a logging framework to log all interesting events in appropriate detail with the necessary variables. Restrict access to authorized individuals. What’s the concept about?
  • 3.
    An application usesa logging mechanism that stores information about authentication events. Suspicious events are being actively monitored. The login attempts are being logged. Since the logs are being monitored, the administrator is made aware of the attack on his account. Using detailed information of the log file, the incident response team is able to get more information about the attacker and his attack. An attacker wants to crack the password of the admin account. He performs a series of login attempts using a password list. 123456 password qwerty 12345678 abc123 … passwords.txt Logging authentication events Logging Understanding the concept Web application Event: [Login Failed (1)] User: admin, IP: 123.123.123.123 Event: [Login Failed (2)] User: admin, IP: 123.123.123.123 Event: [Login Failed (3)] User: admin, IP: 123.123.123.123 Event: [Login Failed (4)] User: admin, IP: 123.123.123.123 … EventLog.logadmin ********* Password Login
  • 4.
    An application withoutlogging mechanism that stores information about authentication events, such as successful or failed logins. Because no lockout mechanism exists, the attacker can try all possible passwords from the list. No login attempt is being logged. The admin does not realize his account is being attacked and compromised. If he discovers the account takeover, he has no way of analyzing the attack. An attacker wants to crack the password of the admin account. He performs a series of login attempts using a password list. 123456 password qwerty 12345678 abc123 … passwords.txt Missing authentication logging Logging What could happen with the concept? Web application Event: [Login Failed (1)] User: admin, IP: 123.123.123.123 Event: [Login Failed (2)] User: admin, IP: 123.123.123.123 Event: [Login Failed (3)] User: admin, IP: 123.123.123.123 Event: [Login Failed (4)] User: admin, IP: 123.123.123.123 … EventLog.logadmin ********* Password Login
  • 5.
    … Event: [Successful login]User: John, Password: ********* … EventLog.log A web application logs all relevant activity of its users. By exploiting a vulnerability of the site, an attacker is able to access the log file of the application. Because no sensitive information is present in the log, the attacker doesn’t have information to mount an attack against user accounts. A user logs into the system with its user and password. This event is logged to a log file. No sensitive information like the password is included. No sensitive information in log file Logging Understanding the concept Web application http://site.com/?page=../../../../EventLog.log Login: John, Password: Y6ZGFIR84
  • 6.
    … Event: [Successful login]User: John, Password: Y6ZGFIR84 … EventLog.log A web application logs all relevant activity of its users. By exploiting a vulnerability of the site, an attacker is able to access the log file of the application. Because user passwords are kept in the log file, the attacker is able to steal the accounts of all the users listed in the log. A user logs into the system with its user and password. This event is logged to a log file. The password is included in the log. Plaint text passwords in log file Logging What could happen with the concept? Web application http://site.com/?page=../../../../EventLog.log Login: John, Password: Y6ZGFIR84
  • 7.
    Logging Typical controls Centralize loggingusing a framework. Log activity through all of the application tiers. Log key events. Successful and failed logon attempts, modification and retrieval of data, … Log relevant information (the 5 W’s of logging) What happened, when, where (host, network interface, ..), who was involved, where did it come from? Avoid logging private information such as passwords or credit card information. Restrict access to logs to authorized individuals.