Logging is an important tool in detecting and understanding malicious activity. It can also become a security liability if sensitive information is logged.
- Logging plays an important role in security. … It provides evidence after an incident to help … establish what happened, … and logs can help you to find and fix problems. … However, be aware that logging itself can become … a security liability. … We need to be smart about what gets logged … and how it gets logged. … There are three main activities you should log. … You should log any errors that occur. … Include as many details about the error as possible, … it will help you to understand the state of the application … when the error took place and to track down the problem. … You should also log any sensitive actions. … Examples might include logins by users or admins, … changing user permissions, financial transactions, … file exports, or deleting database records. … You should log suspicious activity, … which might indicate an attack. … This might be page requests sent in too quickly … or requests looking for common vulnerabilities. … For example, I don't run a WordPress site, …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)