Security Practices - Logging.pptx

•Download as PPTX, PDF•

0 likes•15 views

Alireza Vafi

An slides about importance of logging, one of OWASP recommendation as security practice.

Software

Why Log
• OWASP Top 10 - A09:2021 – Security Logging and Monitoring
 https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
• OWASP Top Ten Proactive Controls 2018 - C9: Implement Security Logging and
Monitoring
 https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging
• OWASP Log Cheet-sheet
 https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

Why Log
• Identifying security incidents
• Anomaly Detection
• Forensics
• Identifying Application Security Problems
• Also has non-security benefits:
• Identifying Performance Pitfalls
• Application Perfomance Analysis Use Cases
• Business Use Cases

What to Log
• Application Logs (Web, Mobile, Desktop …)
• Network Appliances Logs
• WAF, Db Firewalls, Proxies… Logs
• Databases Logs
• Monitoring Systems Logs
• Operating System Logs
• EVERYTHING!!!!!!!

Log Management Systems
• Microservices Era
• Tons of logs
• Forensics
• Alerts
• Identify Problems

Attributes To Log
• The application logs must record "when, where, who and what" for each event.
 When
 Where
 Who
 What

Attributes To Log (When)
 Event date and time
 Interaction identifier
 Method of linking all (relevant) events for a single user interaction (e.g.
desktop application form submission, web page request, mobile app button
click, web service call)

Attributes To Log (Where)
 Application Name and Address
 Geolocation
 Client IP
 Request Path
 Application Module

Attributes To Log (Who)
 Source Device, Address, IP or any identifier
 User Identity such as Username or any other identifier

Attributes To Log (What)
 Event Severity Level
 Event Type / Event Id
 Action
 Object
 Description
 Request/Response
 Http Status Code (Success/Failure)
 Headers
 User Agent
 Error (Exception, Stack Trace or any error description)

Data to Not Log
• Credentials
 Tokens
 Passwords
• Sensitive Application Data
 Database Connection Strings
• Sensitive personal data
 Bank Card Number or Iban
 …

Splunk Demo
• Structured Logging
• Sensitive Data Masking
• Search
• Forensics
• Analysis
• Alerts

Some logging advices
• Log as much as you can
 Maybe logging millions of event in few minutes
• Log everything in structured manner
• Log Interaction Identifier (User Id, Request Id, or any unique identifier)
 Allow you to track user interaction between systems or Service to Service Communication
• Do not hard-code log configuration
• Do not log sensitive Information (Exceptions, Personal Data…)
• Log Request/Response details Automatically using Middleware
• It make it easy for you to troubleshoot problems between micro-services

Performance Considerations
• Logs will be sent to asynchronous log management system
• Maybe milliseconds latency
• No problem for scalable apps
• A little load on CPU
• Logs may be better to store on another disk (each disk has own write queue)
• You can test performance with/without logs using browser Request Timings
or any other tool

Some useful libs (.NET)
• AutoWrapper
 Wrap application responses in standard format
 Automatically log request/responses and errors
 Prevent to expose sensitive information on errors to clients
• Serilog
 Structured Logging
 Many sinks
 Async batch log emitting
 Userful Enrichers

Speech of Dmytro Shapovalov, Infrastructure Engineer at Cossack Labs, at Ruby Meditation #26 Kyiv 16.02.2019 Next conference - http://www.rubymeditation.com/ Most modern applications live in a close cooperation with each other. We will talk about the ways to effectively use the modern techniques for monitoring the health of applications and look on tasks and typical implementation mistakes through the eyes of an infrastructure engineer. And we will also consider the Ruby libraries that help to implement all of this. Announcements and conference materials https://www.fb.me/RubyMeditation News https://twitter.com/RubyMeditation Photos https://www.instagram.com/RubyMeditation The stream of Ruby conferences (not just ours) https://t.me/RubyMeditation

Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...

Lucas Jellema

Oracle Management Cloud provides seven services that collect metrics and logging from all tiers in the stack and from clouds and on premises systems alike and provide various levels of insight in what is going on or what went on. To find performance bottlenecks, browser incompatibilities, application health issues, infrastructure problems at runtime , OMC provides dasboards, alerting, synthetic tests and log watchers. This presentation gives an overview of OMC, highlights some key features and describes how AMIS got started with APM, Log Analytics and Infrastructure Monitoring.

Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...

Splunk

The importance of a good end user experience with our applications and the responsibility for that experience is getting more attention in our move towards a DevOps culture. The challenge at the same time is growing with multitier architectures and IT landscapes distributed across technology stacks, locations and clouds. Oracle Management Cloud offers a number of products that collect runtime metrics from applications and IT platform and infrastructure components whatever what and where they are. These products provide near-real time insight (Application Performance and Infrastructure Monitoring) and analytical capabilities to find root causes, identify trends and otherwise make sense of the pile of runtime metrics (Log and Infrastructure Analytics). The objective is to quickly spot problems – ideally before they occur – find the cause and a solution and apply the latter. This session introduces Oracle Management Cloud and demonstrates what it can do for Oracle Fusion Middleware and Database, both on premises and in the public cloud.

How to Test for The OWASP Top Ten

Security Innovation

The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack. This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security. How to Test for the OWASP Top Ten webcast focuses on tell tale markers of the OWASP Top Ten and techniques to hunt them down: • Vulnerability anatomy – how they present themselves • Analysis of vulnerability root cause and protection schemas • Test procedures to validate susceptibility (or not) for each threat

360-Degree View of IT Infrastructure with IT Operations Analytics

Precisely

IT operations analytics (ITOA) is instrumental in helping companies lower cost and increase efficiency within their IT infrastructure. Yet in today’s multi-platform environments, companies struggle to bring mainframe and IBM i data into these views. Syncsort Ironstream enables critical SMF records, logs and other machine data in your z/OS and IBM i environments to be streamed and correlated with data from the rest of your enterprise in near real-time within Splunk or Elastic, turning machine data into operational analytics and providing valuable insights. View this 15-minute webinar on-demand to learn how to get full visibility into your entire web-based application infrastructure to enable faster and easier problem resolution.

The Ultimate Logging Architecture - You KNOW you want it!

Michele Leroux Bustamante

Logging is one of those things that everyone complains about, but doesn't dedicate time to. Of course, the first rule of logging is "do it". Without that, you have no visibility into system activities when investigations are required. But, the end goal is much, much more than this. Almost all applications require security audit logs for compliance; application logs for visibility across all cloud properties; and application tracing for tracking usage patterns and business intelligence. The latter is that magic sauce that helps businesses learn about their customer or in some cases the data is FOR the customer. Without a strategy this can get very messy, fast. In this session Michele will discuss design patterns for a sound logging and audit strategy; considerations for security and compliance; the benefits of a noSQL approach; and more.

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...

Glen Roberts, CISSP

Taking Splunk to the Next Level - Manager

Splunk

Security architecture best practices for saas applications

kanimozhin

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

Get Certified as a Sumo Security Power User! With security threats on the rise, come join our Security and Compliance experts to learn how Sumo Logic’s Threat Intelligence can help you stay on top of your environment by matching IOCs like IP address, domain names, URL, email addresses, MD5 hashes and more, to increase velocity and accuracy of threat detection. Hands on labs help cement the knowledge learned.

Log Management For e-Discovery, Database Monitoring and Other Unusual Uses

Anton Chuvakin

Modern DevOps across Technologies on premises and clouds with Oracle Manageme...

Lucas Jellema

DevOps team are responsible for well performing applications in every aspect, through the entire life cycle and across the stack, including platform and infrastructure, on premises and all cloud environments. Keeping watch on current and predicted behavior of all running components is not an easy challenge. The challenge is growing with multi tier architectures and IT landscapes distributed across technology stacks, locations and clouds. Oracle Management Cloud provides advanced capabilities to do application, platform and infrastructure monitoring and root cause log analysis. This session introduces OMC and tells about real live experiences with OMC for managing demanding non functional requirements in very hybrid environments. The objective discussed is to quickly spot problems – ideally before they occur – find the cause and a solution and apply the latter. The session demonstrates what OMC can do for Oracle Fusion Middleware and Database, both on premises and in the public cloud.

All Your Security Events Are Belong to ... You!

Xavier Mertens

All your logs are belong to you!

Security BSides London

BSidesLondon 20th April 2011 - Xavier Mertens (@xme) ======================== Your IT infrastructure generates thousands(millions?) of events a day. They are stored in several places under multiple forms and contain a lot of very interesting information. Using free tools, This presentation will give you some ideas how to properly manage this continuous flow of information and how to make them more valuable. for more about Xavier http://blog.rootshell.be

Campus days 2013 - Instrumentation

Anders Lybecker

10 tips for hardening your system

Revital Lapidot

10 tips for hardening your system

Revital Lapidot

Shared Security Responsibility for the Azure Cloud

Alert Logic

Getting Started with IBM i Security: Securing PC Access

HelpSystems

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...

Globus

The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production. Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process? In this session we will cover: - The Art of Effective Code Reviews - Streamlining the Review Process - Elevating Reviews with Automated Tools By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces

Similar to Security Practices - Logging.pptx

Threat intelligence solution

ARUN REDDY M

NIST 800-92 Log Management Guide in the Real World

Anton Chuvakin

Application Logging Good Bad Ugly ... Beautiful?

Anton Chuvakin

Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...

Lucas Jellema

How to Test for The OWASP Top Ten

Security Innovation

360-Degree View of IT Infrastructure with IT Operations Analytics

Precisely

The Ultimate Logging Architecture - You KNOW you want it!

Michele Leroux Bustamante

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...

Glen Roberts, CISSP

Taking Splunk to the Next Level - Manager

Splunk

Security architecture best practices for saas applications

kanimozhin

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic

Log Management For e-Discovery, Database Monitoring and Other Unusual Uses

Anton Chuvakin

Modern DevOps across Technologies on premises and clouds with Oracle Manageme...

Lucas Jellema

All Your Security Events Are Belong to ... You!

Xavier Mertens

All your logs are belong to you!

Security BSides London

Campus days 2013 - Instrumentation

Anders Lybecker

10 tips for hardening your system

Revital Lapidot

10 tips for hardening your system

Revital Lapidot

Shared Security Responsibility for the Azure Cloud

Alert Logic

Getting Started with IBM i Security: Securing PC Access

HelpSystems

Similar to Security Practices - Logging.pptx (20)

Threat intelligence solution

NIST 800-92 Log Management Guide in the Real World

Application Logging Good Bad Ugly ... Beautiful?

Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...

How to Test for The OWASP Top Ten

360-Degree View of IT Infrastructure with IT Operations Analytics

The Ultimate Logging Architecture - You KNOW you want it!

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...

Taking Splunk to the Next Level - Manager

Security architecture best practices for saas applications

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Log Management For e-Discovery, Database Monitoring and Other Unusual Uses

Modern DevOps across Technologies on premises and clouds with Oracle Manageme...

All Your Security Events Are Belong to ... You!

All your logs are belong to you!

Campus days 2013 - Instrumentation

10 tips for hardening your system

Shared Security Responsibility for the Azure Cloud

Getting Started with IBM i Security: Securing PC Access

Recently uploaded

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...

Globus

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Globus Compute Introduction - GlobusWorld 2024

Globus

Globus Compute wth IRI Workflows - GlobusWorld 2024

Globus

As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.

Enterprise Software Development with No Code Solutions.pptx

QuickwayInfoSystems3

In the ever-evolving landscape of technology, enterprise software development is undergoing a significant transformation. Traditional coding methods are being challenged by innovative no-code solutions, which promise to streamline and democratize the software development process. This shift is particularly impactful for enterprises, which require robust, scalable, and efficient software to manage their operations. In this article, we will explore the various facets of enterprise software development with no-code solutions, examining their benefits, challenges, and the future potential they hold.

First Steps with Globus Compute Multi-User Endpoints

Globus

In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Juraj Vysvader

Vitthal Shirke Microservices Resume Montevideo

Vitthal Shirke

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite

Google

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite 👉👉 Click Here To Get More Info 👇👇 https://sumonreview.com/ai-pilot-review/ AI Pilot Review: Key Features ✅Deploy AI expert bots in Any Niche With Just A Click ✅With one keyword, generate complete funnels, websites, landing pages, and more. ✅More than 85 AI features are included in the AI pilot. ✅No setup or configuration; use your voice (like Siri) to do whatever you want. ✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It… ✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again. ✅ZERO Limits On Features Or Usages ✅Use Our AI-powered Traffic To Get Hundreds Of Customers ✅No Complicated Setup: Get Up And Running In 2 Minutes ✅99.99% Up-Time Guaranteed ✅30 Days Money-Back Guarantee ✅ZERO Upfront Cost See My Other Reviews Article: (1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review (2) SocioWave Review: https://sumonreview.com/sociowave-review (3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review (4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam

takuyayamamoto1800

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...

Mind IT Systems

A Sighting of filterA in Typelevel Rite of Passage

Philip Schwarz

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Natan Silnitsky

In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey. Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience. Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system. Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.

Launch Your Streaming Platforms in Minutes

Roshan Dwivedi

The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown: Pros of Speedy Streaming Platform Launch Services: No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge. Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker. All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations. Things to Consider: Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions. Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option. Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options). Examples of Services for Launching Streaming Platforms: Muvi [muvi com] Uscreen [usencreen tv] Alternatives to Consider: Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited. Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform. Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...

Globus

Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.

Graphic Design Crash Course for beginners

e20449

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

AMB-Review

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos https://www.amb-review.com/tubetrivia-ai Exclusive Features: AI-Powered Questions, Wide Range of Categories, Adaptive Difficulty, User-Friendly Interface, Multiplayer Mode, Regular Updates. #TubeTriviaAI #QuizVideoMagic #ViralQuizVideos #AIQuizGenerator #EngageExciteExplode #MarketingRevolution #BoostYourTraffic #SocialMediaSuccess #AIContentCreation #UnlimitedTraffic

Lecture 1 Introduction to games development

abdulrafaychaudhry

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Globus

The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.

Recently uploaded (20)

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...

Cracking the code review at SpringIO 2024

Globus Compute Introduction - GlobusWorld 2024

Globus Compute wth IRI Workflows - GlobusWorld 2024

Enterprise Software Development with No Code Solutions.pptx

First Steps with Globus Compute Multi-User Endpoints

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...

Vitthal Shirke Microservices Resume Montevideo

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite

Essentials of Automations: The Art of Triggers and Actions in FME

OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...

A Sighting of filterA in Typelevel Rite of Passage

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL

Launch Your Streaming Platforms in Minutes

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...

Graphic Design Crash Course for beginners

Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf

Lecture 1 Introduction to games development

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Security Practices - Logging.pptx

1. Logging Security Practices

2. Why Log • OWASP Top 10 - A09:2021 – Security Logging and Monitoring  https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/ • OWASP Top Ten Proactive Controls 2018 - C9: Implement Security Logging and Monitoring  https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging • OWASP Log Cheet-sheet  https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

3. Why Log • Identifying security incidents • Anomaly Detection • Forensics • Identifying Application Security Problems • Also has non-security benefits: • Identifying Performance Pitfalls • Application Perfomance Analysis Use Cases • Business Use Cases

4. Unstructured Logging

5. What to Log • Application Logs (Web, Mobile, Desktop …) • Network Appliances Logs • WAF, Db Firewalls, Proxies… Logs • Databases Logs • Monitoring Systems Logs • Operating System Logs • EVERYTHING!!!!!!!

6. Structured Logging

7. Elastic

8. Structured Logging

9. Log Management Systems • Microservices Era • Tons of logs • Forensics • Alerts • Identify Problems

10. Log Management Systems

11. Splunk

12. Splunk - Structured Logging

13. Elastic

14. Attributes To Log • The application logs must record "when, where, who and what" for each event.  When  Where  Who  What

15. Attributes To Log (When)  Event date and time  Interaction identifier  Method of linking all (relevant) events for a single user interaction (e.g. desktop application form submission, web page request, mobile app button click, web service call)

16. Attributes To Log (Where)  Application Name and Address  Geolocation  Client IP  Request Path  Application Module

17. Attributes To Log (Who)  Source Device, Address, IP or any identifier  User Identity such as Username or any other identifier

18. Attributes To Log (What)  Event Severity Level  Event Type / Event Id  Action  Object  Description  Request/Response  Http Status Code (Success/Failure)  Headers  User Agent  Error (Exception, Stack Trace or any error description)

19. Data to Not Log • Credentials  Tokens  Passwords • Sensitive Application Data  Database Connection Strings • Sensitive personal data  Bank Card Number or Iban  …

20.

21. Logging Demo (.NET Core)

22.

23. Logging Demo

24.

25. Splunk Demo • Structured Logging • Sensitive Data Masking • Search • Forensics • Analysis • Alerts

26. Log Configuration Demo

27. Some logging advices • Log as much as you can  Maybe logging millions of event in few minutes • Log everything in structured manner • Log Interaction Identifier (User Id, Request Id, or any unique identifier)  Allow you to track user interaction between systems or Service to Service Communication • Do not hard-code log configuration • Do not log sensitive Information (Exceptions, Personal Data…) • Log Request/Response details Automatically using Middleware • It make it easy for you to troubleshoot problems between micro-services

28. Performance Considerations • Logs will be sent to asynchronous log management system • Maybe milliseconds latency • No problem for scalable apps • A little load on CPU • Logs may be better to store on another disk (each disk has own write queue) • You can test performance with/without logs using browser Request Timings or any other tool

29. Some useful libs (.NET) • AutoWrapper  Wrap application responses in standard format  Automatically log request/responses and errors  Prevent to expose sensitive information on errors to clients • Serilog  Structured Logging  Many sinks  Async batch log emitting  Userful Enrichers

Security Practices - Logging.pptx

Recommended

Recommended

More Related Content

Similar to Security Practices - Logging.pptx

Similar to Security Practices - Logging.pptx (20)

Recently uploaded

Recently uploaded (20)

Security Practices - Logging.pptx