InformationGathering -> Logging: Visualized logging
Risk and Opportunity
Risk: System and application protocols are not visualized properly which leads to no or very limited logging assessment. Specially developers might have difficulty to read applications logs with unusually tools like the Linux tool 'cat'
Opportunity: Protocols are visualized in a simple to use real time monitoring system. The GUI gives the ability to search for special attributes in the protocol.
Usefulness and Requirements of this Activitiy
Required knowledge: Very Low (one discipline)
Required time: Medium
Required resources (systems): Medium
Dependencies: Centralized system logging, Centralized application logging
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001 - too specific