websecurify
In part 12 of Web Application Security 101, we talk about logging best practices.

Logging
Inappropriate logging.

Types Of Issues
Incorrect time synchronization.
Logging of sensitive information.
Unauthorized access to logs.

Incorrect Time Synchronization
If log timestamps are not synchronized, it becomes difficult to perform a forensic investigation in case of a break-in.

Logging Of Sensitive Information
Some types of information, such as user session IDs, passwords, credit card numbers, CVV data and more, should not be logged.
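
One way to keep these values out of application logs is a redaction filter placed in front of every log handler. The following is an added example, not part of the original slides; the key names, the mask format and the Luhn check used to tell card numbers from other long digit runs are assumptions of this sketch.

```python
import logging
import re

# Field names treated as sensitive (assumed for this example; extend per application).
SENSITIVE_KEYS = ("password", "passwd", "session_id", "sessionid", "cvv", "token")
KEY_VALUE = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\b(\s*[=:]\s*)([^\s&;,]+)"
)
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, so order ids and timestamps are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group(0))
    if luhn_valid(digits):
        return "[CARD ****" + digits[-4:] + "]"
    return match.group(0)  # not a card number: leave untouched


def redact(text: str) -> str:
    """Mask key=value secrets first, then Luhn-valid card numbers."""
    text = KEY_VALUE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
    return CARD_CANDIDATE.sub(mask_card, text)


class RedactingFilter(logging.Filter):
    """Attach to handlers: rewrites the fully formatted message before output."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # merge args, then redact
        record.args = None                        # args are already merged in
        return True
```

Attach the filter with `handler.addFilter(RedactingFilter())` on each handler, since filters set on a logger are not applied to records propagated from child loggers. Exception tracebacks are formatted later by the handler's formatter and are not covered by this filter.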

Unauthorized Access To Logs
Log files may contain sensitive data and therefore need to be protected.

Lab
We will explore some of these areas in more detail.