Organizations implement logging and monitoring policies in order to capture and retain logs that are crucial for visibility into production environments. In this video, learn the relationship between web application security testing and logging and monitoring, as well as the steps you should take to ensure that you're adhering to this policy.
- [Instructor] Have you ever heard the phrase, pictures or it didn't happen? That phrase is uncannily accurate when it comes to security events as well. That's where you should round out your documentation review by taking a close look at your company's logging and monitoring policy. I mentioned earlier that I've worked on a number of security incidents throughout my career. I've worked multiple incidents where the impacted organization didn't have a logging and monitoring policy. More importantly, they didn't have the log data that I needed to determine exactly what happened, including whether or not sensitive regulated data was stolen. Logging and monitoring is no joke. Weak or non-existent logging and monitoring controls can contribute to a business-ending event. At a high level, log management is just generating and storing system and application logs so you can look at them later. When it comes to application security testing, the application's ability to generate log data …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)