SlideShare una empresa de Scribd logo

Security Practices - Logging.pptx

Descargar como PPTX, PDF
Alireza Vafi
Alireza Vafi

This document discusses the importance of logging for security purposes and provides guidance on implementing effective logging practices. It recommends logging all application activity to identify security incidents, aid in forensics investigations, and detect performance issues. The document outlines what types of information should be logged, such as date/time, IP addresses, user identities, and request details. It also advises avoiding logging sensitive data. Examples are given of logging frameworks and log management systems that support structured, scalable logging.

1 de 29
Logging Security Practices
Why Log • OWASP Top 10 - A09:2021 – Security Logging and Monitoring  https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/ • OWASP Top Ten Proactive Controls 2018 - C9: Implement Security Logging and Monitoring  https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging • OWASP Log Cheet-sheet  https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
Why Log • Identifying security incidents • Anomaly Detection • Forensics • Identifying Application Security Problems • Also has non-security benefits: • Identifying Performance Pitfalls • Application Perfomance Analysis Use Cases • Business Use Cases
Unstructured Logging
What to Log • Application Logs (Web, Mobile, Desktop …) • Network Appliances Logs • WAF, Db Firewalls, Proxies… Logs • Databases Logs • Monitoring Systems Logs • Operating System Logs • EVERYTHING!!!!!!!
Structured Logging
Elastic
Structured Logging
Log Management Systems • Microservices Era • Tons of logs • Forensics • Alerts • Identify Problems
Log Management Systems
Splunk
Splunk - Structured Logging
Elastic
Attributes To Log • The application logs must record "when, where, who and what" for each event.  When  Where  Who  What
Attributes To Log (When)  Event date and time  Interaction identifier  Method of linking all (relevant) events for a single user interaction (e.g. desktop application form submission, web page request, mobile app button click, web service call)
Attributes To Log (Where)  Application Name and Address  Geolocation  Client IP  Request Path  Application Module
Attributes To Log (Who)  Source Device, Address, IP or any identifier  User Identity such as Username or any other identifier
Attributes To Log (What)  Event Severity Level  Event Type / Event Id  Action  Object  Description  Request/Response  Http Status Code (Success/Failure)  Headers  User Agent  Error (Exception, Stack Trace or any error description)
Data to Not Log • Credentials  Tokens  Passwords • Sensitive Application Data  Database Connection Strings • Sensitive personal data  Bank Card Number or Iban  …
Logging Demo (.NET Core)
Logging Demo
Splunk Demo • Structured Logging • Sensitive Data Masking • Search • Forensics • Analysis • Alerts
Log Configuration Demo
Some logging advices • Log as much as you can  Maybe logging millions of event in few minutes • Log everything in structured manner • Log Interaction Identifier (User Id, Request Id, or any unique identifier)  Allow you to track user interaction between systems or Service to Service Communication • Do not hard-code log configuration • Do not log sensitive Information (Exceptions, Personal Data…) • Log Request/Response details Automatically using Middleware • It make it easy for you to troubleshoot problems between micro-services
Performance Considerations • Logs will be sent to asynchronous log management system • Maybe milliseconds latency • No problem for scalable apps • A little load on CPU • Logs may be better to store on another disk (each disk has own write queue) • You can test performance with/without logs using browser Request Timings or any other tool
Some useful libs (.NET) • AutoWrapper  Wrap application responses in standard format  Automatically log request/responses and errors  Prevent to expose sensitive information on errors to clients • Serilog  Structured Logging  Many sinks  Async batch log emitting  Userful Enrichers

Recomendados

Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
Anton Chuvakin
 
Cm4 secure code_training_1day_error handling and logging
Cm4 secure code_training_1day_error handling and loggingCm4 secure code_training_1day_error handling and logging
Cm4 secure code_training_1day_error handling and logging
dcervigni
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azure
DevSecCon
 
Drive more value through data source and use case optimization
Drive more value through data source and use case optimization Drive more value through data source and use case optimization
Drive more value through data source and use case optimization
Splunk
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Ruby Meditation
 
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Lucas Jellema
 
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Splunk
 

Recomendados

Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
Anton Chuvakin
 
Cm4 secure code_training_1day_error handling and logging
Cm4 secure code_training_1day_error handling and loggingCm4 secure code_training_1day_error handling and logging
Cm4 secure code_training_1day_error handling and logging
dcervigni
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azure
DevSecCon
 
Drive more value through data source and use case optimization
Drive more value through data source and use case optimization Drive more value through data source and use case optimization
Drive more value through data source and use case optimization
Splunk
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Ruby Meditation
 
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Oracle Management Cloud - introduction, overview and getting started (AMIS, 2...
Lucas Jellema
 
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...
Splunk
 
Threat intelligence solution
Threat intelligence solutionThreat intelligence solution
Threat intelligence solution
ARUN REDDY M
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
Anton Chuvakin
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?
Anton Chuvakin
 
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Lucas Jellema
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
Security Innovation
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!
Michele Leroux Bustamante
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Glen Roberts, CISSP
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
Splunk
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Sumo Logic
 
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual UsesLog Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Anton Chuvakin
 
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Lucas Jellema
 
All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!
Xavier Mertens
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
Security BSides London
 
Campus days 2013 - Instrumentation
Campus days 2013 - InstrumentationCampus days 2013 - Instrumentation
Campus days 2013 - Instrumentation
Anders Lybecker
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
Revital Lapidot
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
Revital Lapidot
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC Access
HelpSystems
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 

Más contenido relacionado

Similar a Security Practices - Logging.pptx

Threat intelligence solution
Threat intelligence solutionThreat intelligence solution
Threat intelligence solution
ARUN REDDY M
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
Anton Chuvakin
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?
Anton Chuvakin
 
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Lucas Jellema
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
Security Innovation
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!
Michele Leroux Bustamante
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Glen Roberts, CISSP
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
Splunk
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Sumo Logic
 
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual UsesLog Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Anton Chuvakin
 
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Lucas Jellema
 
All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!
Xavier Mertens
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
Security BSides London
 
Campus days 2013 - Instrumentation
Campus days 2013 - InstrumentationCampus days 2013 - Instrumentation
Campus days 2013 - Instrumentation
Anders Lybecker
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
Revital Lapidot
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
Revital Lapidot
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC Access
HelpSystems
 

Similar a Security Practices - Logging.pptx (20)

Threat intelligence solution
Threat intelligence solutionThreat intelligence solution
Threat intelligence solution
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?
 
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
 
The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!The Ultimate Logging Architecture - You KNOW you want it!
The Ultimate Logging Architecture - You KNOW you want it!
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual UsesLog Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
 
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
Modern DevOps across Technologies on premises and clouds with Oracle Manageme...
 
All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
 
Campus days 2013 - Instrumentation
Campus days 2013 - InstrumentationCampus days 2013 - Instrumentation
Campus days 2013 - Instrumentation
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Getting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC AccessGetting Started with IBM i Security: Securing PC Access
Getting Started with IBM i Security: Securing PC Access
 

Último

Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
AnkitaPandya11
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
Marcin Chrost
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
Karya Keeper
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
YousufSait3
 

Último (20)

Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 

Security Practices - Logging.pptx

  • 2. Why Log • OWASP Top 10 - A09:2021 – Security Logging and Monitoring  https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/ • OWASP Top Ten Proactive Controls 2018 - C9: Implement Security Logging and Monitoring  https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging • OWASP Log Cheet-sheet  https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
  • 3. Why Log • Identifying security incidents • Anomaly Detection • Forensics • Identifying Application Security Problems • Also has non-security benefits: • Identifying Performance Pitfalls • Application Perfomance Analysis Use Cases • Business Use Cases
  • 5. What to Log • Application Logs (Web, Mobile, Desktop …) • Network Appliances Logs • WAF, Db Firewalls, Proxies… Logs • Databases Logs • Monitoring Systems Logs • Operating System Logs • EVERYTHING!!!!!!!
  • 9. Log Management Systems • Microservices Era • Tons of logs • Forensics • Alerts • Identify Problems
  • 14. Attributes To Log • The application logs must record "when, where, who and what" for each event.  When  Where  Who  What
  • 15. Attributes To Log (When)  Event date and time  Interaction identifier  Method of linking all (relevant) events for a single user interaction (e.g. desktop application form submission, web page request, mobile app button click, web service call)
  • 16. Attributes To Log (Where)  Application Name and Address  Geolocation  Client IP  Request Path  Application Module
  • 17. Attributes To Log (Who)  Source Device, Address, IP or any identifier  User Identity such as Username or any other identifier
  • 18. Attributes To Log (What)  Event Severity Level  Event Type / Event Id  Action  Object  Description  Request/Response  Http Status Code (Success/Failure)  Headers  User Agent  Error (Exception, Stack Trace or any error description)
  • 19. Data to Not Log • Credentials  Tokens  Passwords • Sensitive Application Data  Database Connection Strings • Sensitive personal data  Bank Card Number or Iban  …
  • 20.
  • 22.
  • 24.
  • 25. Splunk Demo • Structured Logging • Sensitive Data Masking • Search • Forensics • Analysis • Alerts
  • 27. Some logging advices • Log as much as you can  Maybe logging millions of event in few minutes • Log everything in structured manner • Log Interaction Identifier (User Id, Request Id, or any unique identifier)  Allow you to track user interaction between systems or Service to Service Communication • Do not hard-code log configuration • Do not log sensitive Information (Exceptions, Personal Data…) • Log Request/Response details Automatically using Middleware • It make it easy for you to troubleshoot problems between micro-services
  • 28. Performance Considerations • Logs will be sent to asynchronous log management system • Maybe milliseconds latency • No problem for scalable apps • A little load on CPU • Logs may be better to store on another disk (each disk has own write queue) • You can test performance with/without logs using browser Request Timings or any other tool
  • 29. Some useful libs (.NET) • AutoWrapper  Wrap application responses in standard format  Automatically log request/responses and errors  Prevent to expose sensitive information on errors to clients • Serilog  Structured Logging  Many sinks  Async batch log emitting  Userful Enrichers