This document discusses the importance of application logs for security purposes. It notes that while network, system and other logs have improved, application logs are still often lacking crucial context about user actions and application state. To effectively investigate issues, security analysts need a unified view of all log data, including details applications have about user sessions, access and functionality used. The document urges application developers to make more of this type of contextual log data available to defenders to help connect dots between different system components and entities.
28. Example:
Uses MVC.
Actually very nicely architected...
Good start. At least we can haz data.
This is pretty much useless*
* from a security perspective.
No doubt that when this breaks you'll need it.
Friday, October 11, 13
29. Let’s get back to basics for a sec here
40. Yes, we have fancy dashboards
and graphs
and sometimes synchronized logs from multiple sources
But it’s still a pain in the tuches
50. Firewall / Web Server view (one row per request):

Firewall     Web Server
Client X     index
Client X     items
Client Y     index
Client X     items+a
Client Y     items
Client Y     items+c
Client X     checkout
Client X     login
Client X     confirm
Client Y     checkout
Client Y     confirm
51. Firewall / Web Server / Application view (same requests, now with application context):

Firewall     Web Server
Client X     index
Client X     items
Client Y     index
Client X     items+a
Client Y     items
Client Y     items+c
Client X     checkout
Client X     login
Client X     confirm
Client Y     checkout
Client Y     confirm

Application:
- John, from X, just bought A and shipped it, paying with CC
- Client from Y tried to bypass app logic and avoid payment/auth
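The correlation slide 51 describes, as an added example that is not part of the deck: join the web server's client/path view with application-level events to see which /confirm was a real paid order and which one reached confirmation without login or payment. All log lines are constructed samples, and the field names (session, user, event) are assumptions rather than any real product's schema.

```python
from collections import defaultdict

# Constructed sample of what the firewall / web server sees: client and
# path only, one line per request, in the order shown on the slide.
WEB_LOG = """\
clientX GET /index
clientX GET /items
clientY GET /index
clientX GET /items+a
clientY GET /items
clientY GET /items+c
clientX GET /checkout
clientX POST /login
clientX POST /confirm
clientY GET /checkout
clientY POST /confirm
"""

# Constructed sample of what only the application knows (session, user,
# business event). Field names are assumptions, not a real log schema.
APP_LOG = """\
clientX session=s1 user=john event=login
clientX session=s1 user=john event=payment item=A method=CC
clientX session=s1 user=john event=order_confirmed item=A
clientY session=s2 user=- event=order_confirmed item=C
"""

def parse_web(text):
    """Map client -> ordered list of requested paths."""
    paths = defaultdict(list)
    for line in text.splitlines():
        client, _method, path = line.split()
        paths[client].append(path)
    return paths

def parse_app(text):
    """Map client -> set of application events recorded for that client."""
    events = defaultdict(set)
    for line in text.splitlines():
        client, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events[client].add(fields["event"])
    return events

def find_flow_bypass(web_text, app_text):
    """Clients that reached /confirm without the application recording both a
    login and a payment; the web log alone shows the same /confirm for both."""
    paths, events = parse_web(web_text), parse_app(app_text)
    return sorted(c for c, seen in paths.items()
                  if "/confirm" in seen and not {"login", "payment"} <= events[c])
```

Run against the samples, only clientY is flagged, which is exactly the distinction the web-server view on slide 50 cannot make on its own.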