Information Gathering -> Logging: Logging of security events
Risk and Opportunity
- Not tracking security-relevant events makes it harder to analyze an incident.
- With proper security event logs, security incident analysis takes significantly less time, so that an attack can be stopped before the attacker reaches his goal.
Opportunity: Security-relevant events like login/logout or creation, change, and deletion of users should be logged.
- Show which events are logged.
- Show a test for the logging of one event.
Implement logging of security-relevant events. The following events tend to be security-relevant:
- successful/failed login/logout
- creation, change, and deletion of users
- errors during input validation and output creation
- exceptions and errors with security in their name
- transactions of value (e.g., financial transactions, costly operations)
- :unicorn: (special things of your application)
- logstash, Tags: tool, logging
- fluentd, Tags: tool
- bash, Tags: tool
- OWASP Logging CheatSheet, Tags: logging, documentation
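One way to log the events listed above and to show a test for one of them, as an added example that is not part of the original activity description. The event names, the record fields, the redaction list and the one-JSON-object-per-line format are assumptions made for this example.

```python
import io
import json
import logging
from datetime import datetime, timezone

# Event names are assumptions for this example, derived from the list above.
SECURITY_EVENTS = {
    "login_success", "login_failure", "logout",
    "user_created", "user_changed", "user_deleted",
    "input_validation_error", "value_transaction",
}
SENSITIVE_KEYS = {"password", "token", "session_id"}  # never written to the log


def make_security_logger(stream, name="security"):
    """Return a logger that writes one JSON object per line to `stream`."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    return logger


def log_security_event(logger, event, outcome, actor, source_ip, **details):
    """Emit one security event; unknown event names are rejected."""
    if event not in SECURITY_EVENTS:
        raise ValueError(f"unknown security event: {event}")
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": event, "outcome": outcome,
        "actor": actor, "source_ip": source_ip,
        "details": {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                    for k, v in details.items()},
    }
    level = logging.WARNING if outcome == "failure" else logging.INFO
    # json.dumps escapes CR/LF, so user-controlled text stays on one line.
    logger.log(level, json.dumps(record, sort_keys=True))
    return record


def demo_failed_login():
    """Test for one event: constructed failed login, returns the log lines."""
    stream = io.StringIO()
    logger = make_security_logger(stream)
    log_security_event(logger, "login_failure", "failure",
                       actor="alice\nforged line", source_ip="192.0.2.10",
                       password="hunter2")
    return stream.getvalue().splitlines()
```

The set `SECURITY_EVENTS` answers "which events are logged", and `demo_failed_login` is the shape of a test for one event: it captures the output and lets the caller check the event name, the redaction and that the record occupies exactly one line.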
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
Credits
This activity is inspired/copied by/from