Submit Search
Upload
Web Application Security 101 - 12 Logging
•
1 like
•
362 views
Websecurify
Follow
In part 12 of the Web Application Security 101 we talk about logging best practices.
Read less
Read more
Software
Slideshow view
Report
Share
Slideshow view
Report
Share
1 of 6
Download now
Download to read offline
Recommended
application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
Docker Indy Meetup - Monitoring 30-Aug-2016 - Monitoring platforms - Built in Healthchecks - Sysdig demo - Swarm mode demo + healthchecks Link to demo repository: https://github.com/mbentley/docker-healthcheck-demos
Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
ELK Stack workshop covers real-world use cases and works with the participants to - implement them. This includes Elastic overview, Logstash configuration, creation of dashboards in Kibana, guidelines and tips on processing custom log formats, designing a system to scale, choosing hardware, and managing the lifecycle of your logs.
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & Kibana
SpringPeople
This presentation gives you a general overview of Simple Network Management Protocol covering different SNMP versions, simple commands, MIBs, OIDs and Traps.
SNMP Demystified Part-I
SNMP Demystified Part-I
ManageEngine
You are a developer, create applications that generate logs. You would like to monitor those logs to check what the application is doing in production. Or you are an operator in need for information about the whole platform. You need logs from the load balancer, proxy, database and the application. If possible you would like to correlate these logs as well. Maybe you are an analyst and you would like to create some graphs of the data you obtained. If one of these roles is you, the chance is big you heard about ELK. This is short for Elasticsearch, Logstash and Kibana. The goal for these projects is to obtain data (logstash), store it in a central repository (elasticsearch) to make it searchable and available for analysis. Having all this data is nice, but making it visible is even better, that is where Kibana comes in. With Kibana you can create nice dashboard giving insight into your data. ELK is a proven technology stack to handle your logs. During this talk I will present you the complete stack. I’ll show you how to import data with logstash, explain what happens in elasticsearch and create a dashboard using Kibana. I will also discuss some choices you have to make while storing the data, go into a number of possible architectures for the ELK stack. At the end you have a good idea about what ELK can do for you.
Real-time data analysis using ELK
Real-time data analysis using ELK
Jettro Coenradie
This presentation gives a general overview of basic SNMP operations and troubleshooting SNMP issues. This presentation is the second of a three part series - SNMP Demystified.
SNMP Demystified Part-II
SNMP Demystified Part-II
ManageEngine
Cisco, The leader in enterprise networking and communication technology exposes lot of proprietary and standard protocols/ technologies to monitor and manage its devices. To name few SNMP, CDP, NetFlow, NBAR, CBQoS, IP SLA, & much more… Know how to monitor and manage everything Cisco using ManageEngine OpManager.
Monitor and manage everything Cisco using OpManager
Monitor and manage everything Cisco using OpManager
ManageEngine
Why logging Docker is a challenge and how to overcome this challenge using the ELK stack.
Monitoring Docker with ELK
Monitoring Docker with ELK
Daniel Berman
Recommended
application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
Docker Indy Meetup - Monitoring 30-Aug-2016 - Monitoring platforms - Built in Healthchecks - Sysdig demo - Swarm mode demo + healthchecks Link to demo repository: https://github.com/mbentley/docker-healthcheck-demos
Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
ELK Stack workshop covers real-world use cases and works with the participants to - implement them. This includes Elastic overview, Logstash configuration, creation of dashboards in Kibana, guidelines and tips on processing custom log formats, designing a system to scale, choosing hardware, and managing the lifecycle of your logs.
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & Kibana
SpringPeople
This presentation gives you a general overview of Simple Network Management Protocol covering different SNMP versions, simple commands, MIBs, OIDs and Traps.
SNMP Demystified Part-I
SNMP Demystified Part-I
ManageEngine
You are a developer, create applications that generate logs. You would like to monitor those logs to check what the application is doing in production. Or you are an operator in need for information about the whole platform. You need logs from the load balancer, proxy, database and the application. If possible you would like to correlate these logs as well. Maybe you are an analyst and you would like to create some graphs of the data you obtained. If one of these roles is you, the chance is big you heard about ELK. This is short for Elasticsearch, Logstash and Kibana. The goal for these projects is to obtain data (logstash), store it in a central repository (elasticsearch) to make it searchable and available for analysis. Having all this data is nice, but making it visible is even better, that is where Kibana comes in. With Kibana you can create nice dashboard giving insight into your data. ELK is a proven technology stack to handle your logs. During this talk I will present you the complete stack. I’ll show you how to import data with logstash, explain what happens in elasticsearch and create a dashboard using Kibana. I will also discuss some choices you have to make while storing the data, go into a number of possible architectures for the ELK stack. At the end you have a good idea about what ELK can do for you.
Real-time data analysis using ELK
Real-time data analysis using ELK
Jettro Coenradie
This presentation gives a general overview of basic SNMP operations and troubleshooting SNMP issues. This presentation is the second of a three part series - SNMP Demystified.
SNMP Demystified Part-II
SNMP Demystified Part-II
ManageEngine
Cisco, The leader in enterprise networking and communication technology exposes lot of proprietary and standard protocols/ technologies to monitor and manage its devices. To name few SNMP, CDP, NetFlow, NBAR, CBQoS, IP SLA, & much more… Know how to monitor and manage everything Cisco using ManageEngine OpManager.
Monitor and manage everything Cisco using OpManager
Monitor and manage everything Cisco using OpManager
ManageEngine
Why logging Docker is a challenge and how to overcome this challenge using the ELK stack.
Monitoring Docker with ELK
Monitoring Docker with ELK
Daniel Berman
Simple Network Management Protocol
snmp
snmp
حسن رشید
Esta presentación brinda un resumen sobre el protocolo simple de administración de redes cubriendo las diferentes versiones de SNMP, comandos sencillos, MIBs, OIDs y traps. Esta presentación es la primera de una serie de dos partes.
Desmitificando SNMP
Desmitificando SNMP
ManageEngine
In this presentation I discuss the need for better understanding of the human investigation process. I demonstrate the tool agnostic investigation simulator I developed to observe and collet investigation data, and discuss results from some of these experiments.
SOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinth
chrissanders88
Vendor neutral talk on deep network traffic monitoring presented at HasGeek.in on May 3 2014
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
ELK-Stack is world’s most popular log management platform. These open-source products are most commonly used in log analysis in IT environments. Logstash collects and parses logs, Elasticsearch indexes and stores the information. Kibana then presents the data in visualizations that provide actionable insights into one’s environment/software. Ashwin is going to brief about ELK-stack and show how this popular log management platform can be used with BizTalk servers. Including installing ELK stack in Windows and demo on how BizTalk data can be logged and analyzed in ELK-Stack. And he is going to discuss about some of the uses cases you can use ELK-stack with BizTalk and Azure.
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
BizTalk360
Zenoss seminar
Zenoss seminar
प्रफुल्लकुमार भोसले
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
chrissanders88
How LinkedIn uses and scale ELK clusters using Kafka. Lessons learned. There are useful notes in the PowerPoint version.
ELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learned
Tin Le
In this presentation, we discuss the benefit of using flow data for detection and analysis. We also discuss the SiLK flow analysis suite and the FlowPlotter tool that can be used for generating ad-hoc visualizations from flow data, as well as the upcoming FlowBAT tool that is used to ease analysis of this very useful data type.
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014
chrissanders88
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
This presentation was delivered at Art into Science 2017 in Austin, TX. I discuss the ongoing cognitive crisis in information security, and present original research methods and results related to the investigation process.
Art into Science 2017 - Investigation Theory: A Cognitive Approach
Art into Science 2017 - Investigation Theory: A Cognitive Approach
chrissanders88
CCNAv5 S4 - Connecting Networks Chapter8 monitoring the network Download here: ccna5vn.wordpress.com ccna5vn.blogspot.com Cehv8: cehv8vn.blogspot.com Youtube Channel: www.youtube.com/user/VuzBlog
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
Dennis shows us how to integrate the ELK (ElasticSearch, Logstash & Kibana) stack with Zabbix.
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
The following illustrates some of the common security challanges Node.js developers are up against. The presentation covers various types of JavaScript-related hacks and NoSQL injection hacking via Express and MongoDB.
Security Challenges in Node.js
Security Challenges in Node.js
Websecurify
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Websecurify
In this presentation we explore some of the problems of unicode and how they can be used for nefarious purposes in order to exploit a range of critical vulnerabilities including SQL Injection, XSS and many other.
Unicode - Hacking The International Character System
Unicode - Hacking The International Character System
Websecurify
In this presentation we explore what makes Websecurify Suite unique. There are a few demos of Websecurify Suite itself and Cohesion - Websecurify's continuous integration security toolkit.
Next Generation of Web Application Security Tools
Next Generation of Web Application Security Tools
Websecurify
In part 14 of Web Application Security 101 you will learn about SQL Injection, Cross-site Scripting, Local File Includes and other common types of data validation problems.
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
Websecurify
In part 10 of Web Application Security 101 we explore the various issues that effect the server tier such as default files, default configuration, misconfigured insecure servers and more.
Web Application Security 101 - 10 Server Tier
Web Application Security 101 - 10 Server Tier
Websecurify
In part 7 of Web Application Security 101 we will explore the various security aspects of modern session management systems. We will particularly explore vulnerabilities such as weak session management and more. We will also look into session bruteforce attacks
Web Application Security 101 - 07 Session Management
Web Application Security 101 - 07 Session Management
Websecurify
In part 6 of Web Application Security 101 we will look into vulnerabilities effecting the authentication system. You will learn about password bruteforce attacks, cracking captures, bypassing the login system and more.
Web Application Security 101 - 06 Authentication
Web Application Security 101 - 06 Authentication
Websecurify
In part 5 of Web Application Security 101 we will dive into the various enumeration techniques attackers use to fingerprint web applications. This steps is very important because it gives a lot of insight about weak areas that can be exploited at later stage. You will learn about fingerprinting software versions and firewalls, discovering virtual hosts, google hacking and more.
Web Application Security 101 - 05 Enumeration
Web Application Security 101 - 05 Enumeration
Websecurify
More Related Content
Viewers also liked
Simple Network Management Protocol
snmp
snmp
حسن رشید
Esta presentación brinda un resumen sobre el protocolo simple de administración de redes cubriendo las diferentes versiones de SNMP, comandos sencillos, MIBs, OIDs y traps. Esta presentación es la primera de una serie de dos partes.
Desmitificando SNMP
Desmitificando SNMP
ManageEngine
In this presentation I discuss the need for better understanding of the human investigation process. I demonstrate the tool agnostic investigation simulator I developed to observe and collet investigation data, and discuss results from some of these experiments.
SOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinth
chrissanders88
Vendor neutral talk on deep network traffic monitoring presented at HasGeek.in on May 3 2014
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
ELK-Stack is world’s most popular log management platform. These open-source products are most commonly used in log analysis in IT environments. Logstash collects and parses logs, Elasticsearch indexes and stores the information. Kibana then presents the data in visualizations that provide actionable insights into one’s environment/software. Ashwin is going to brief about ELK-stack and show how this popular log management platform can be used with BizTalk servers. Including installing ELK stack in Windows and demo on how BizTalk data can be logged and analyzed in ELK-Stack. And he is going to discuss about some of the uses cases you can use ELK-stack with BizTalk and Azure.
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
BizTalk360
Zenoss seminar
Zenoss seminar
प्रफुल्लकुमार भोसले
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
chrissanders88
How LinkedIn uses and scale ELK clusters using Kafka. Lessons learned. There are useful notes in the PowerPoint version.
ELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learned
Tin Le
In this presentation, we discuss the benefit of using flow data for detection and analysis. We also discuss the SiLK flow analysis suite and the FlowPlotter tool that can be used for generating ad-hoc visualizations from flow data, as well as the upcoming FlowBAT tool that is used to ease analysis of this very useful data type.
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014
chrissanders88
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
This presentation was delivered at Art into Science 2017 in Austin, TX. I discuss the ongoing cognitive crisis in information security, and present original research methods and results related to the investigation process.
Art into Science 2017 - Investigation Theory: A Cognitive Approach
Art into Science 2017 - Investigation Theory: A Cognitive Approach
chrissanders88
CCNAv5 S4 - Connecting Networks Chapter8 monitoring the network Download here: ccna5vn.wordpress.com ccna5vn.blogspot.com Cehv8: cehv8vn.blogspot.com Youtube Channel: www.youtube.com/user/VuzBlog
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
Dennis shows us how to integrate the ELK (ElasticSearch, Logstash & Kibana) stack with Zabbix.
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
Viewers also liked
(13)
snmp
snmp
Desmitificando SNMP
Desmitificando SNMP
SOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinth
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
Zenoss seminar
Zenoss seminar
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
ELK at LinkedIn - Kafka, scaling, lessons learned
ELK at LinkedIn - Kafka, scaling, lessons learned
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
Art into Science 2017 - Investigation Theory: A Cognitive Approach
Art into Science 2017 - Investigation Theory: A Cognitive Approach
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
More from Websecurify
The following illustrates some of the common security challanges Node.js developers are up against. The presentation covers various types of JavaScript-related hacks and NoSQL injection hacking via Express and MongoDB.
Security Challenges in Node.js
Security Challenges in Node.js
Websecurify
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Websecurify
In this presentation we explore some of the problems of unicode and how they can be used for nefarious purposes in order to exploit a range of critical vulnerabilities including SQL Injection, XSS and many other.
Unicode - Hacking The International Character System
Unicode - Hacking The International Character System
Websecurify
In this presentation we explore what makes Websecurify Suite unique. There are a few demos of Websecurify Suite itself and Cohesion - Websecurify's continuous integration security toolkit.
Next Generation of Web Application Security Tools
Next Generation of Web Application Security Tools
Websecurify
In part 14 of Web Application Security 101 you will learn about SQL Injection, Cross-site Scripting, Local File Includes and other common types of data validation problems.
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
Websecurify
In part 10 of Web Application Security 101 we explore the various issues that effect the server tier such as default files, default configuration, misconfigured insecure servers and more.
Web Application Security 101 - 10 Server Tier
Web Application Security 101 - 10 Server Tier
Websecurify
In part 7 of Web Application Security 101 we will explore the various security aspects of modern session management systems. We will particularly explore vulnerabilities such as weak session management and more. We will also look into session bruteforce attacks
Web Application Security 101 - 07 Session Management
Web Application Security 101 - 07 Session Management
Websecurify
In part 6 of Web Application Security 101 we will look into vulnerabilities effecting the authentication system. You will learn about password bruteforce attacks, cracking captures, bypassing the login system and more.
Web Application Security 101 - 06 Authentication
Web Application Security 101 - 06 Authentication
Websecurify
In part 5 of Web Application Security 101 we will dive into the various enumeration techniques attackers use to fingerprint web applications. This steps is very important because it gives a lot of insight about weak areas that can be exploited at later stage. You will learn about fingerprinting software versions and firewalls, discovering virtual hosts, google hacking and more.
Web Application Security 101 - 05 Enumeration
Web Application Security 101 - 05 Enumeration
Websecurify
In part 4 of Web Application Security 101 we will dive deep into the standard testing methodology used by penetration testers and vulnerability researchers when testing web application for security vulnerabilities.
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing Methodology
Websecurify
In part 3 of Web Application Security 101 you will get introduced to the standard security toolkit. You will get access to Websecurify Suite to start hacking your way through the rest of the course.
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
Websecurify
In part 2 of Web Application Security 101 we cover the basics of HTTP, HTML, XML, JSON, JavaScript, CSS and more in order to get you up to speed with the technology. This knowledge will be used during the rest of the course to explore the various security aspects effecting web applications today.
Web Application Security 101 - 02 The Basics
Web Application Security 101 - 02 The Basics
Websecurify
More from Websecurify
(12)
Security Challenges in Node.js
Security Challenges in Node.js
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Unicode - Hacking The International Character System
Unicode - Hacking The International Character System
Next Generation of Web Application Security Tools
Next Generation of Web Application Security Tools
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 10 Server Tier
Web Application Security 101 - 10 Server Tier
Web Application Security 101 - 07 Session Management
Web Application Security 101 - 07 Session Management
Web Application Security 101 - 06 Authentication
Web Application Security 101 - 06 Authentication
Web Application Security 101 - 05 Enumeration
Web Application Security 101 - 05 Enumeration
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 02 The Basics
Web Application Security 101 - 02 The Basics
Recently uploaded
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Engineering Excellence
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, from Idea to Value Creation
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
Opening Keynote - Sanjiva
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
WSO2
This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platformless Approach
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Professionals in 2024
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2
Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, and more. Performance can be increased (and elastically decreased) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.
AzureNativeQumulo_HPC_Cloud_Native_Benchmarks.pdf
AzureNativeQumulo_HPC_Cloud_Native_Benchmarks.pdf
ryanfarris8
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 Low-Code Integration Products
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2
Announcing the new 2.0 version of Codolex, the low code development solution for Delphi developers. This new version includes many enhancements and fixes, as well as a very exciting new pricing model. Check out the slides to learn more about the benefits of Codolex and why you need to elevate your Delphi development today.
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
Jim McKeeth
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive Advantage
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go of Our Pet Servers
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with an Internal Developer Platform
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2
Evolving Data Governance for the Real-time Streaming and AI Era Andrew Foo Customer Solutions @ Confluent
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
confluent
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
WSO2
Recently uploaded
(20)
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
AzureNativeQumulo_HPC_Cloud_Native_Benchmarks.pdf
AzureNativeQumulo_HPC_Cloud_Native_Benchmarks.pdf
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
Web Application Security 101 - 12 Logging
1.
Logging Inappropriate logging.
2.
Types Of Issues Incorrect time synchronization. Logging
of sensitive information. Unauthorized access to logs.
3.
Incorrect Time Synchronization If the time
of the logs is desynchronized it will make it difficult to perform forensic investigation in case of a break-in.
4.
Logging Of Sensitive Information Some types of
information such as user session ids, passwords, credit card numbers, cvv data and more should not be logged.
5.
Unauthorized Access To Logs Log files may
contain sensitive data and therefore needs to be protected.
6.
Lab We will explore
some of these areas in more detail.
Download now