deal of accountability to administrators and keeps them from playing god with mission-critical
applications and data. Common administrative activities include creating and deleting users,
accessing user activity logs and reports, performing password resets and account activations,
generating reports containing sensitive information like credit card information or user's personal
information, and so on.
9.2.1.4 Errors and Exceptions
It is necessary to log errors and exceptions of any kind. However, there are several errors and exceptions
with certain security ramifications, where logging can prove to be a very useful mechanism.
For instance, an attacker tampers with the parameter in a particular HTTP request, as a result of
which the application parses the malicious data but presents an HTTP 500 internal server error.
This exception, which occurs in the application, can be an educational tool for developers, as it
can help in strengthening the application's defenses against the multifarious attacks that are present
in the wild today. It is a good practice to log all errors and exceptions in the application, and
also information like the session identifier of the user and the user identification at the time of the
exception, so that any malicious activity during the user's session can be traced.
9.2.1.5 Access to Sensitive Information
Several users of the application have access to sensitive information contained within the Web
application. For instance, accounting and billing users have access to sales reports containing
credit card information and/or user-specific information. In some cases, these users may also
need to have modification privileges to the said sensitive information. In such cases, logging is
an absolute necessity, because it ensures that all the actions taken by these users are recorded
and the users are made accountable for their actions. If there is a breach of sensitive information,
then by using the logs, the source of the breach may be traced to a particular individual or a set
of individuals.
9.2.2 Web Application Logging—Information to Be Logged
While it is important to log certain specific types of activities in a Web application security log, it
is all the more important to log the right details in these logs. Logs are only useful if they contain
the requisite information that is required to carry out an active investigation into a breach or a
potential breach or take preventive/corrective measures to address potential security vulnerabilities.
For instance, it would be worthless if a log didn't capture the username or the IP address of
the user computer while recording a malicious action being performed by the user. The following
information elements need to be captured by the Web application security logs:
Username/IP address details
Timestamp
Type of event
Success/failure indication
Name/path of affected resource or asset
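As an added illustration (not code from the book), the servlet filter below writes one audit line carrying the elements listed above, and on an exception also records the session identifier and user identity as 9.2.1.4 recommends; the class name, logger name and field layout are assumptions.

```java
import java.time.Instant;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;

// Assumed example filter; register it in web.xml for the URLs to be audited.
public final class SecurityAuditFilter implements Filter {
    private static final Logger AUDIT = Logger.getLogger("security.audit");

    // One audit line with the 9.2.2 elements: who, when, what, outcome, resource.
    static String format(String user, String ip, String event,
                         boolean success, String resource, String sessionId) {
        return String.format("ts=%s user=%s ip=%s event=%s outcome=%s resource=%s session=%s",
                Instant.now(), clean(user), clean(ip), clean(event),
                success ? "SUCCESS" : "FAILURE", clean(resource), clean(sessionId));
    }

    // Request-supplied values (URI, header-derived IP) must not be able to forge
    // extra log lines, so control characters including CR/LF are replaced.
    static String clean(String v) {
        if (v == null) return "-";
        return v.replaceAll("[\\p{Cntrl}]", "?");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws java.io.IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String user = http.getUserPrincipal() == null
                ? "anonymous" : http.getUserPrincipal().getName();
        HttpSession session = http.getSession(false);   // do not create one just to log
        String sid = session == null ? null : session.getId();
        try {
            chain.doFilter(req, res);
            AUDIT.info(format(user, http.getRemoteAddr(), "REQUEST", true,
                    http.getRequestURI(), sid));
        } catch (RuntimeException | ServletException | java.io.IOException e) {
            // 9.2.1.4: record the exception together with session and user identity
            // so the activity in that session can be traced afterwards.
            AUDIT.severe(format(user, http.getRemoteAddr(),
                    "EXCEPTION:" + e.getClass().getName(), false,
                    http.getRequestURI(), sid));
            throw e;   // the container still produces the error page
        }
    }

    @Override public void init(FilterConfig c) {}
    @Override public void destroy() {}
}
```

A live session identifier is itself a credential, so in production write a keyed hash or truncated digest of it rather than the raw value, which keeps the trace while limiting what a reader of the logs can reuse.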