Insufficient Logging & Monitoring

In order to track and detect data breaches, organizations need to log the events that matter in the context of their web application: the footprints an attack leaves, the surface it touched, and the timestamps at which it happened.

It has been observed that the average discovery time for a security breach is more than 200 days after it has happened, giving attackers plenty of time to expand their attack and wreak havoc.

Logging is simply the recording of an event or security incident in your web application, such as repeated failed login attempts from the same IP.

Monitoring, on the other hand, means continually reviewing these logs and escalating to the incident response team so that action is proactive and timely.

Remediation Techniques:

  • Make sure all suspicious activities and events (such as failed logins, access control failures, input validation failures, etc.) are logged with enough context to trace malicious activity, in a format that can be fed into a centralized logging system.
  • Maintain detailed audit trails for important transactions to prevent unauthorized tampering with data.
  • Put an incident response checklist and a disaster recovery plan in place.
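As an added example (not part of the original page), the following Python script shows both halves of what the text describes for the failed-login case: events logged in a JSON-per-line format that a centralized logging system can ingest, and a monitoring check that flags a source IP with repeated failures inside a short window so it can be escalated. The log lines, field names, threshold and window are constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: structured audit events as a web app would emit
# them for a central log pipeline (JSON, one event per line).
SAMPLE_LOG = """\
{"ts": "2024-01-10T08:00:01Z", "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"}
{"ts": "2024-01-10T08:00:05Z", "event": "login_failed", "user": "bob", "src_ip": "203.0.113.7"}
{"ts": "2024-01-10T08:00:09Z", "event": "login_failed", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-01-10T08:00:12Z", "event": "login_ok", "user": "dave", "src_ip": "198.51.100.4"}
{"ts": "2024-01-10T08:00:15Z", "event": "login_failed", "user": "dave", "src_ip": "203.0.113.7"}
{"ts": "2024-01-10T08:00:20Z", "event": "login_failed", "user": "erin", "src_ip": "203.0.113.7"}
{"ts": "2024-01-10T08:20:00Z", "event": "login_failed", "user": "frank", "src_ip": "198.51.100.4"}
{"ts": "2024-01-10T08:20:30Z", "event": "login_failed", "user": "frank", "src_ip": "198.51.100.4"}
"""

def parse_events(text):
    """Parse JSON-per-line events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a corrupt line must not stop the whole pipeline
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])

def detect_repeated_failures(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that reaches `threshold` failed logins
    within a sliding time window of length `window`."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerted = set()               # avoid re-alerting on every further failure
    alerts = []
    for rec in events:
        if rec.get("event") != "login_failed":
            continue
        ip = rec["src_ip"]
        q = recent[ip]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"src_ip": ip, "count": len(q), "first": q[0], "last": rec["ts"]})
    return alerts
```

Each returned alert carries the source IP, the count and the time span, which is the record the monitoring side hands to the incident response team.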