Information Gathering -> Logging: Centralized application logging

Risk and Opportunity

Risk: Locally stored logs can be manipulated without authorization by attackers with system access, or might be corrupt after an incident. In addition, it is hard to correlate logs. This allows attacks to be performed silently.
Opportunity: A centralized logging system is used and application logs (including application exceptions) are shipped to it.

Exploit details

Usefulness: Very High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Visualized logging, Alerting
OWASP SAMM 1 Mapping: SA2-B
OWASP SAMM 2 Mapping: o-incident-management|A|1