hensive view of the event, which eases the job of log analysis and is also more effective when logs
have to be correlated to reconstruct a series of connected events.
9.2.3 Details to Be Omitted from Web Application Logs
Web application logging is one of the pillars of a strong Web application security program.
However, this control can itself become a security vulnerability if it is not implemented correctly.
Developers frequently make the application log the wrong kind of information and thereby expose
the application's critical information assets. For instance, if an e-commerce application logs
credit card details in cleartext, those details end up in the log files. Log files are rarely protected
as carefully as the application's other critical information assets, so sensitive details written to
them are at greater risk of exposure than the same data held in the application's primary data stores.
Sensitive information such as user passwords, credit card data, and personal information must
therefore not be written to the Web application's security logs. These details are almost never
needed for the purposes the logs serve, and logging them can only weaken the security of the Web
application.
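The redaction described above, as an added example in Java (not code from the book): a java.util.logging Filter that rewrites each record before any handler sees it, masking card numbers that pass the Luhn check to their last four digits and blanking the values of password-like fields. The field names in SECRET_FIELD, the class name, and the sample checkout message are assumptions for illustration; it needs Java 11 or later.

```java
import java.util.logging.Filter;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Redacts passwords, card-security codes and card numbers before a message reaches the log. */
public final class LogRedactor implements Filter {

    // Hypothetical field names; extend to match the application's own parameter names.
    private static final Pattern SECRET_FIELD = Pattern.compile(
            "(?i)\\b(password|passwd|pwd|cvv|cvc|ssn|token)\\s*[=:]\\s*[^\\s,;&]+");

    // Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
    private static final Pattern PAN_CANDIDATE = Pattern.compile("\\b(?:\\d[ -]?){12,18}\\d\\b");

    /** Luhn check, so that order numbers or timestamps of similar length are left alone. */
    static boolean luhnValid(String digits) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    /** Returns the message with secret values removed and Luhn-valid card numbers masked to their last four digits. */
    public static String redact(String message) {
        if (message == null) return null;

        // 1. Secret fields: keep the field name, drop the value entirely.
        Matcher m = SECRET_FIELD.matcher(message);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            m.appendReplacement(sb, Matcher.quoteReplacement(m.group(1) + "=[REDACTED]"));
        }
        m.appendTail(sb);

        // 2. Card numbers: only digit runs that pass the Luhn check are masked.
        m = PAN_CANDIDATE.matcher(sb.toString());
        sb = new StringBuffer();
        while (m.find()) {
            String digits = m.group().replaceAll("[ -]", "");
            String replacement = m.group();
            if (luhnValid(digits)) {
                replacement = "*".repeat(digits.length() - 4) + digits.substring(digits.length() - 4);
            }
            m.appendReplacement(sb, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    /** java.util.logging hook: rewrite the record (message and parameters) in place and let it through. */
    @Override
    public boolean isLoggable(LogRecord record) {
        record.setMessage(redact(record.getMessage()));
        Object[] params = record.getParameters();
        if (params != null) {
            Object[] cleaned = new Object[params.length];
            for (int i = 0; i < params.length; i++) {
                cleaned[i] = redact(String.valueOf(params[i]));
            }
            record.setParameters(cleaned);
        }
        return true;
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("checkout");
        log.setFilter(new LogRedactor());
        // Constructed example of what a careless checkout handler might log.
        log.info("order=1042 user=alice password=hunter2 pan=4111 1111 1111 1111 cvv=123 amount=49.99");
    }
}
```

With the filter installed, the sample line reaches the handlers as `order=1042 user=alice password=[REDACTED] pan=************1111 cvv=[REDACTED] amount=49.99`; the four-digit order number and the amount are untouched because they never match a 13-19 digit Luhn-valid run. Treat this as defence in depth rather than the fix: a Throwable attached to the record carries its own message that the filter does not inspect, so the real control is never passing card data or passwords into a log call in the first place.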
9.2.4 Application Logging—Best Practices
We have discussed some of the implementation requirements for a comprehensive Web application
security logging system. We will now explore best practices for maintaining an effective log
management system and ensuring that the logs are available for analysis at any given time.
9.2.4.1 Storage of Application Logs
It is recommended that logs from all systems be collected on a centralized log server or a similar
system. This practice has two major benefits. The first is security: if the logs are spread across the
organization's network, it is hard to enforce and maintain security controls consistently over the
entire breadth of the organization. The second is that a centralized location provides better scope
for storage and analysis. In addition to the application logs, system logs and logs from network
devices can be analyzed together to understand the complete effect of a possible security breach.
9.2.4.2 Security for Application Logs
Application logs need to be protected like any other information asset in the organization. Logs
contain detailed information about an application and its users. The most important security
concern with application logs, however, is not confidentiality but integrity and availability.
For instance, if a malicious application administrator has modify and delete privileges on the
logs, he or she can delete or alter entries to cover up any nefarious activity that the administrator
has undertaken. Similarly, whenever logs are deleted for any other reason, critical information
that would otherwise have been immensely useful is lost. One security measure is a centralized
logging mechanism that collates the logs from the various systems. Others include logical access
control on the server holding the logs, which ensures that unauthorized individuals cannot reach
it. Another common vulnerability is that organizations do not secure the directory containing
logs on a Web server or application server. This can be a very serious compromise of the
organization's security, as such logs are often easily available through even a crafted Google search
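One way to make the modification or deletion described above detectable, as an added example in Java (not a technique the chapter itself describes): each stored log line carries an HMAC over its sequence number, its message, and the previous line's tag, so that editing, removing, inserting, or reordering any earlier line breaks the chain when it is verified. The key, the line format, the class name, and the sample administrator actions are assumptions for illustration; it needs Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Tamper-evident log lines: each line is bound to the previous one by an HMAC chain. */
public final class ChainedLog {
    private static final String ALG = "HmacSHA256";

    static String hmacHex(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Stored format (assumed): "<seq>|<message>|<tag>" with tag = HMAC(key, prevTag|seq|message). */
    static List<String> write(byte[] key, List<String> messages) throws Exception {
        List<String> lines = new ArrayList<>();
        String prevTag = "";
        for (int seq = 0; seq < messages.size(); seq++) {
            String tag = hmacHex(key, prevTag + "|" + seq + "|" + messages.get(seq));
            lines.add(seq + "|" + messages.get(seq) + "|" + tag);
            prevTag = tag;
        }
        return lines;
    }

    /** Returns -1 if the chain is intact, otherwise the index of the first line that fails. */
    static int verify(byte[] key, List<String> lines) throws Exception {
        String prevTag = "";
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            int first = line.indexOf('|');
            int last = line.lastIndexOf('|');
            if (first < 0 || last <= first) return i;           // malformed line
            String seq = line.substring(0, first);
            String message = line.substring(first + 1, last);   // the message itself may contain '|'
            String tag = line.substring(last + 1);
            if (!seq.equals(Integer.toString(i))) return i;     // a line was deleted, inserted or reordered
            String expected = hmacHex(key, prevTag + "|" + i + "|" + message);
            if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                       tag.getBytes(StandardCharsets.UTF_8))) return i;  // content edited
            prevTag = tag;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical key; in practice it is held by the log collector, not by the host being audited.
        byte[] key = "replace-with-a-real-32-byte-secret".getBytes(StandardCharsets.UTF_8);
        // Constructed sample of administrator activity.
        List<String> lines = write(key, List.of(
                "admin=bob action=login result=ok",
                "admin=bob action=grant-role target=mallory role=superuser",
                "admin=bob action=logout"));
        System.out.println("intact: " + verify(key, lines));

        List<String> covered = new ArrayList<>(lines);
        covered.remove(1);                                          // administrator drops the damning line
        System.out.println("after deletion: " + verify(key, covered));

        List<String> edited = new ArrayList<>(lines);
        edited.set(1, lines.get(1).replace("superuser", "viewer"));  // or rewrites it
        System.out.println("after edit: " + verify(key, edited));
    }
}
```

verify returns -1 for the untouched list and 1 in both tampered cases: the deletion is caught because the line now at position 1 carries sequence number 2, and the edit because the recomputed HMAC no longer matches. Two caveats make this only as strong as the surrounding controls the chapter describes: the key must not be readable by the administrator whose actions are being recorded, and silently truncating the newest lines is undetectable unless the latest tag is regularly anchored somewhere else, which is exactly what shipping the logs to a centralized server provides.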