Most security breaches start with a single incident. This course will teach you how to set up correct logging and monitoring for your application, as well as what to log and what not to log in order to detect those incidents on time.
It is extremely important for the security of your company to know what's currently happening to your application. This can be achieved by proper application logging and monitoring. In this course, Secure Coding: Preventing Insufficient Logging & Monitoring, you will learn what to think of when setting up logging and monitoring for applications. First, You will learn what is meant with the risk of insufficient logging and monitoring. Next, you'll explore what your application should and shouldn't log. Finally, you'll discover how to ensure and improve the quality of log files. When you're finished with this course, you'll have all the application logging and monitoring skills and knowledge needed to detect (future) security incidents on time.
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. Since 2004, he started specializing in pentesting complex and feature-rich web applications. Currently, he leads a global team of highly skilled and enthusiastic penetration testers as lead pentester.
Course Overview Hi everyone. My name is Peter Mosmans, and welcome to my course, Secure Coding: Preventing Insufficient Logging and Monitoring. I am a lead penetration tester working for multiple companies around the globe. Did you know that you can log too much information, or that monitoring not enough data can put your application, your network, your whole company at risk? There's a reason why insufficient logging and monitoring is considered so dangerous that OWASP has included it in its list of most dangerous web application risks in OWASP Top 10. In this course, we're going to take a look at logging and monitoring for applications and learn how effective monitoring can increase your overall security. Some of the major topics that we'll cover include what insufficient logging and monitoring is, who decides what should be logged and monitored, making sure that the quality and quantity of log data is correct, and how to securely log personal data. By the end of this course, you'll know all about logging and monitoring for applications. The course itself is for anyone wanting to learn what insufficient logging and monitoring is and wanting to know what applications should and shouldn't log. Knowledge of software development processes is a plus, but not necessary. I hope you'll join me on this journey to learn more about the Preventing Insufficient Logging and Monitoring course here, at Pluralsight.
Determining What Applications Should and Should Not Log In the previous module, we saw why it is so important to have sufficient logging and monitoring in place for your application, creating situational awareness. This module deals with the types of events and data that should be logged and monitored, and those that should not. In fact, it might be more important to know what should not be logged than to know exactly what needs to be logged. That's what the module will start off with, the dangers of logging too much. Then we will visit or somewhat revisit the purposes of logging. Knowing the Why, the purpose and reason behind logging, will make the following part, the What, better to understand. And with the What, I mean I mean the events to log and monitor, what should you log? We close off the module with who should decide what to log and monitor and when during the software development lifecycle. But, first off, the dangers of logging too much.
Improving and Ensuring the Quality of Logfiles Now that we know what we should and should not log and monitor, the quantity, let's take a closer look at how we can assure and improve the quality of the log data. In this module, we will first take a look at the location where log files, log data, can and should be stored. The location has a large influence on the quality. Then we're going to take a look at the format of log files. What is the best format to store your logs in? We have looked at the events, but which data and metadata should be stored? Are there any steps how we can assure or improve upon the integrity, as well as confidentiality of log files, especially when looking at sensitive data, which if you have followed along you shouldn't log in the first place. Which leads us to the last subject of this module-- logging personal data. Should you have the need to log any of that, and I stress SHOULD you have the need, then there are several techniques available to do so. But let's begin with the location.
Applying an Effective Monitoring Strategy After setting the appropriate quality and quantity of log entries, and after having chosen a central log management system, how can we make sure that monitoring is properly embedded into processes? How to apply an effective monitoring strategy. That is what will discuss in this module. First, we will discuss log management, what to do with all that log data during its lifetime. Next, we will take a look at how to define proper response strategies. Then we'll briefly look at some existing solutions, and we will end this module with a module, as well as a course summary. The last module already. Let's start with log management.