Insufficient logging and monitoring flaws enable attackers to elude detection or destroy evidence of their activities. In this video, learn how to test for insufficient logging and monitoring flaws.
- [Instructor] The final set of risks in the OWASP top 10 list are insufficient logging and monitoring flaws. As developers are building out these applications, their initial focus is on just getting everything to work as expected by the go-live date. If you're fortunate enough to be working with a dev team who is considering the long-term support and operation of the app, then chances are they've built in some basic logging functionality to help them troubleshoot after the app goes live. But what about security logs? If your developers don't have security training, and if security logging requirements aren't built into the project, then chances are the security logging and monitoring controls will be deficient at best, or entirely absent otherwise. As OWASP points out, this is exactly what attackers are hoping for. If they can poke and prod your apps without setting off any alarms, then they're more likely to be able to find a security hole and eventually compromise the app. …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate