Logging and Monitoring in Software Security
This is about how we make sure we know what is going on with our application.

We should also get a notification when something suspicious happens, and we can collect data for future analysis of the system’s behavior.
Why do we need it?
This is a great way to detect attacks, suspicious activity and similar events. Logging and monitoring provide a holistic view of the system. They can warn us about:
- Data leak
- Data loss
- Data inconsistency
- Disruption of Service
Note that logging and monitoring do not protect against threats; they warn us about them. In other words, they are not exactly a line of defense, but they are a really good tool for detecting threats.
Logging
This should be part of the existing platform. There is nothing called security logging. We should log everything that might be security related, such as authentication events (login times, user activities), the number of authentication API calls per given time, validation problems, etc.
All of these details might point to a security attack. For example, repeated validation problems might point to someone trying to initiate cross-site scripting attacks. Log-in…
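To make the "repeated validation problems" and "authentication API calls per given time" signals concrete, here is an added example (not code from the original article) that counts events per source in a sliding time window and raises one alert when a threshold is exceeded. The log format, event names, window and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: events allowed per source inside WINDOW before alerting.
WINDOW = timedelta(seconds=60)
THRESHOLDS = {"validation_failure": 3, "auth_call": 5}

# Constructed sample log (hypothetical format: timestamp event source).
SAMPLE_LOG = """\
2024-05-01T10:00:00 auth_call 198.51.100.4
2024-05-01T10:00:05 validation_failure 203.0.113.7
2024-05-01T10:00:09 validation_failure 203.0.113.7
2024-05-01T10:00:15 auth_call 198.51.100.4
2024-05-01T10:00:20 validation_failure 203.0.113.7
2024-05-01T10:00:31 validation_failure 203.0.113.7
2024-05-01T10:03:00 validation_failure 198.51.100.4
not a log line
"""

def parse(line):
    """Return (timestamp, event, source), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def detect(log_text, window=WINDOW, thresholds=THRESHOLDS):
    """Alert once per (source, event) whose count in the window exceeds its threshold.

    Assumes the log lines are in chronological order.
    """
    recent = defaultdict(deque)  # (source, event) -> timestamps still in window
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None or parsed[1] not in thresholds:
            continue  # skip malformed lines and events we do not track
        ts, event, source = parsed
        q = recent[(source, event)]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) > thresholds[event] and (source, event) not in alerted:
            alerted.add((source, event))
            alerts.append((source, event, len(q), ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", *alert)
```
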