SlideShare a Scribd company logo

09 application security fundamentals - part 2 - security mechanisms - logging

A
appsec

Logging is an important security mechanism that records events for auditing purposes. It is important to log security-related events like administrative actions, logins, and password changes/resets. When logging, sensitive data like passwords should be avoided and tainted or excessive data can cause issues. Log files are also vulnerable to spoofing if carriage returns are not properly filtered from user input.

Technology
1 of 11
1
2
3
4
5
6
7
8
9
10
11
LOGGING Security Mechanism: Authentication Authorization Session Management Data Validation Error Handling Logging Encryption
Logging Core Concepts What happened? Who was doing what, when & where? important to have an application log in addition to the server log Not just bugs & error events… Determine what security events should be auditable. For example: • Use of administrative functions • Login success & failures • Password reset attempts • Password changes
Logging Words to Live By  Avoid logging sensitive data (e.g., passwords)  Beware of logging tainted data to the logs  Beware of logging excessive data  Beware of potential log spoofing
Logging Words to Live By: #1  The problem – Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Avoid logging sensitive data (e.g., passwords)
Real World Example – Logging Sensitive Data
Secure Coding …  Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files. – Passwords – Credit card information – Trade secrets – Social security number – Medical data
Logging Words to Live By: #2  The problem – The software does not neutralize or incorrectly neutralizes output that is written to logs. Beware logging tainted data to the logs
Logging Words to Live By: #3  The problem – The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. Beware of logging excessive data
Logging Words to Live By: #4  The problem – The software uses CRLF (carriage return line feeds) as a special element, e.g., to separate lines or records, but it does neutralize or incorrectly neutralizes CRLF sequences from inputs. Beware of potential log spoofing
Real World Example – Log Spoofing CVE-2006-4624:
Secure Coding …  Appropriately filter or quote CRLF sequences in user- controlled input. 1 string streetAddress = request.getParameter("streetAddress")); 2 3 if (streetAddress.length() > 150) error(); 4 streetAddress = RemoveCarriageReturns(streetAddress); 5 6 logger.info("User's street address: " + streetAddress);

More Related Content

PDF
MITRE ATT&CK and 2017 FSB Indictment
Digital Shadows
 
PDF
Mitre ATTACK and the North Korean Regime-Backed Programmer
Digital Shadows
 
PPTX
Covert channels: A Window of Data Exfiltration Opportunities
Joel Aleburu
 
PPTX
Ethical Hacking
Bharat Sabne
 
PDF
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Digital Shadows
 
PPT
Ethical hacking
Meghal Murkute
 
PPT
Ethical Hacking
Rohan Raj
 
PPT
Introduction to Hacking
Rishabha Garg
 
MITRE ATT&CK and 2017 FSB Indictment
Digital Shadows
 
Mitre ATTACK and the North Korean Regime-Backed Programmer
Digital Shadows
 
Covert channels: A Window of Data Exfiltration Opportunities
Joel Aleburu
 
Ethical Hacking
Bharat Sabne
 
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Digital Shadows
 
Ethical hacking
Meghal Murkute
 
Ethical Hacking
Rohan Raj
 
Introduction to Hacking
Rishabha Garg
 

What's hot (20)

PPT
Computer Systems Security
drkelleher
 
PDF
Mobile App Security - Best Practices
RedBlackTree
 
PDF
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
PPTX
Types of Malware (CEH v11)
EC-Council
 
PDF
Point-Of-Sale Hacking - 2600Thailand#20
Prathan Phongthiproek
 
PPT
Ethical hacking
kawsarahmedchoudhuryzzz
 
PDF
Ethical hacking
Mohammad Affan
 
PPT
Ethical Hacking
Mukul Agarwal
 
PPTX
What's new in​ CEHv11?
EC-Council
 
PPTX
Automating cybersecurity
Singtel
 
PPTX
Protection from hacking attacks
Sugirtha Jasmine M
 
PPTX
Ethical Hacking
BugRaptors
 
PDF
Ransomware protection
Rohit Srivastwa
 
PPTX
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
PPTX
HACKERS ATTACK PROCESS
UK Defence Cyber School
 
PPTX
Mis security system threads
Leena Reddy
 
PPT
Ch8ed12romney
woyaoni
 
PDF
Siem requirement.pdfsd
Norman Funzani Manenzhe
 
PPTX
Data security
Soumen Mondal
 
PPT
Ethical hacking by shivam
Shivam Ðreamchazer
 
Computer Systems Security
drkelleher
 
Mobile App Security - Best Practices
RedBlackTree
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
Types of Malware (CEH v11)
EC-Council
 
Point-Of-Sale Hacking - 2600Thailand#20
Prathan Phongthiproek
 
Ethical hacking
kawsarahmedchoudhuryzzz
 
Ethical hacking
Mohammad Affan
 
Ethical Hacking
Mukul Agarwal
 
What's new in​ CEHv11?
EC-Council
 
Automating cybersecurity
Singtel
 
Protection from hacking attacks
Sugirtha Jasmine M
 
Ethical Hacking
BugRaptors
 
Ransomware protection
Rohit Srivastwa
 
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
HACKERS ATTACK PROCESS
UK Defence Cyber School
 
Mis security system threads
Leena Reddy
 
Ch8ed12romney
woyaoni
 
Siem requirement.pdfsd
Norman Funzani Manenzhe
 
Data security
Soumen Mondal
 
Ethical hacking by shivam
Shivam Ðreamchazer
 
Ad

Viewers also liked (20)

PDF
Web Application Security 101 - 12 Logging
Websecurify
 
PPTX
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
 
PPTX
Elastic - ELK, Logstash & Kibana
SpringPeople
 
PDF
Real-time data analysis using ELK
Jettro Coenradie
 
PPTX
SNMP Demystified Part-I
ManageEngine
 
PPTX
SNMP Demystified Part-II
ManageEngine
 
PPT
Monitor and manage everything Cisco using OpManager
ManageEngine
 
PPTX
Monitoring Docker with ELK
Daniel Berman
 
PPTX
snmp
حسن رشید
 
PPTX
Desmitificando SNMP
ManageEngine
 
PPTX
SOC2016 - The Investigation Labyrinth
chrissanders88
 
PDF
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
 
PPTX
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
BizTalk360
 
PPTX
Zenoss seminar
प्रफुल्लकुमार भोसले
 
PPT
Using Canary Honeypots for Network Security Monitoring
chrissanders88
 
PPTX
ELK at LinkedIn - Kafka, scaling, lessons learned
Tin Le
 
PPT
Applied Detection and Analysis with Flow Data - SO Con 2014
chrissanders88
 
PPT
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
 
PPTX
Art into Science 2017 - Investigation Theory: A Cognitive Approach
chrissanders88
 
PDF
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
 
Web Application Security 101 - 12 Logging
Websecurify
 
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
 
Elastic - ELK, Logstash & Kibana
SpringPeople
 
Real-time data analysis using ELK
Jettro Coenradie
 
SNMP Demystified Part-I
ManageEngine
 
SNMP Demystified Part-II
ManageEngine
 
Monitor and manage everything Cisco using OpManager
ManageEngine
 
Monitoring Docker with ELK
Daniel Berman
 
snmp
حسن رشید
 
Desmitificando SNMP
ManageEngine
 
SOC2016 - The Investigation Labyrinth
chrissanders88
 
Logging : How much is too much? Network Security Monitoring Talk @ hasgeek
vivekrajan
 
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
BizTalk360
 
Zenoss seminar
प्रफुल्लकुमार भोसले
 
Using Canary Honeypots for Network Security Monitoring
chrissanders88
 
ELK at LinkedIn - Kafka, scaling, lessons learned
Tin Le
 
Applied Detection and Analysis with Flow Data - SO Con 2014
chrissanders88
 
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
 
Art into Science 2017 - Investigation Theory: A Cognitive Approach
chrissanders88
 
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
 
Ad

Similar to 09 application security fundamentals - part 2 - security mechanisms - logging (20)

PPTX
Cm4 secure code_training_1day_error handling and logging
dcervigni
 
PPT
Six Mistakes of Log Management 2008
Anton Chuvakin
 
PPTX
Security Practices - Logging.pptx
Alireza Vafi
 
PDF
Annual OktCyberfest 2019
Fahad Al-Hasan
 
PDF
When Security Tools Fail You
Michael Gough
 
PDF
Web security uploadv1
Setia Juli Irzal Ismail
 
PPTX
Designing and Implementing Effective Logging Strategies
AndreaCapolei1
 
PPTX
Uwvwwbwbwbwbwbwbwbnit-4 - web security.pptx
VikasTuwar1
 
PPT
oiqwjrfoijqwwieoefmklqwmefioqjweeifmqwklefmqwef
ramrajcottons02
 
PPTX
How to Test for The OWASP Top Ten
Security Innovation
 
PDF
Serverless Security Checklist
Simform
 
PPTX
Security Operation Center Presentat.pptx
ImranKhan441149
 
PDF
Unit 3 Significance of Log File Analysis in Pentesting.pdf
ChatanBawankar
 
PPTX
EventLog Analyzer - Product overview
ManageEngine EventLog Analyzer
 
PPTX
Log maintenance network securiy
Mohsin Ali
 
PPTX
Power of logs: practices for network security
Information Technology Society Nepal
 
PDF
Data Protection In eCommerce Store Development_ Essential Technical Best Prac...
CartCoders
 
PPTX
Owasp Top 10 2017
SamsonMuoki
 
PPT
Survey Presentation About Application Security
Nicholas Davis
 
PPTX
Security Operation Center Presentat.pptx
ImranKhan441149
 
Cm4 secure code_training_1day_error handling and logging
dcervigni
 
Six Mistakes of Log Management 2008
Anton Chuvakin
 
Security Practices - Logging.pptx
Alireza Vafi
 
Annual OktCyberfest 2019
Fahad Al-Hasan
 
When Security Tools Fail You
Michael Gough
 
Web security uploadv1
Setia Juli Irzal Ismail
 
Designing and Implementing Effective Logging Strategies
AndreaCapolei1
 
Uwvwwbwbwbwbwbwbwbnit-4 - web security.pptx
VikasTuwar1
 
oiqwjrfoijqwwieoefmklqwmefioqjweeifmqwklefmqwef
ramrajcottons02
 
How to Test for The OWASP Top Ten
Security Innovation
 
Serverless Security Checklist
Simform
 
Security Operation Center Presentat.pptx
ImranKhan441149
 
Unit 3 Significance of Log File Analysis in Pentesting.pdf
ChatanBawankar
 
EventLog Analyzer - Product overview
ManageEngine EventLog Analyzer
 
Log maintenance network securiy
Mohsin Ali
 
Power of logs: practices for network security
Information Technology Society Nepal
 
Data Protection In eCommerce Store Development_ Essential Technical Best Prac...
CartCoders
 
Owasp Top 10 2017
SamsonMuoki
 
Survey Presentation About Application Security
Nicholas Davis
 
Security Operation Center Presentat.pptx
ImranKhan441149
 

More from appsec (12)

PPTX
23 owasp top 10 - resources
appsec
 
PPTX
15 owasp top 10 - a3-xss
appsec
 
PPTX
12 owasp top 10 - introduction
appsec
 
PPTX
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
PPTX
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
PPTX
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
PPTX
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
PPTX
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
PPTX
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
PPTX
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
PPTX
02 application security fundamentals - part 1 - security priciples
appsec
 
PPTX
01 Application Security Fundamentals - part 1 - introduction and goals
appsec
 
23 owasp top 10 - resources
appsec
 
15 owasp top 10 - a3-xss
appsec
 
12 owasp top 10 - introduction
appsec
 
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
02 application security fundamentals - part 1 - security priciples
appsec
 
01 Application Security Fundamentals - part 1 - introduction and goals
appsec
 

Recently uploaded (20)

PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Encapsulation theory and applications.pdf
gurumoop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
KodekX | Application Modernization Development
KodekX
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Approach and Philosophy of On baking technology
30anthuong17
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 

09 application security fundamentals - part 2 - security mechanisms - logging

  • 2. Logging Core Concepts What happened? Who was doing what, when & where? important to have an application log in addition to the server log Not just bugs & error events… Determine what security events should be auditable. For example: • Use of administrative functions • Login success & failures • Password reset attempts • Password changes
  • 3. Logging Words to Live By  Avoid logging sensitive data (e.g., passwords)  Beware of logging tainted data to the logs  Beware of logging excessive data  Beware of potential log spoofing
  • 4. Logging Words to Live By: #1  The problem – Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Avoid logging sensitive data (e.g., passwords)
  • 5. Real World Example – Logging Sensitive Data
  • 6. Secure Coding …  Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files. – Passwords – Credit card information – Trade secrets – Social security number – Medical data
  • 7. Logging Words to Live By: #2  The problem – The software does not neutralize or incorrectly neutralizes output that is written to logs. Beware logging tainted data to the logs
  • 8. Logging Words to Live By: #3  The problem – The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. Beware of logging excessive data
  • 9. Logging Words to Live By: #4  The problem – The software uses CRLF (carriage return line feeds) as a special element, e.g., to separate lines or records, but it does neutralize or incorrectly neutralizes CRLF sequences from inputs. Beware of potential log spoofing
  • 10. Real World Example – Log Spoofing CVE-2006-4624:
  • 11. Secure Coding …  Appropriately filter or quote CRLF sequences in user- controlled input. 1 string streetAddress = request.getParameter("streetAddress")); 2 3 if (streetAddress.length() > 150) error(); 4 streetAddress = RemoveCarriageReturns(streetAddress); 5 6 logger.info("User's street address: " + streetAddress);