Learn about potential logging and output issues, the risks associated with them, and learn how to avoid them.
We discussed issues with disclosure through error handling and, in a similar vein, it's possible to expose too much information in our log messages and system output. We will start with log information because it is much easier to inadvertently cause issues in how you write log messages. There are two classes of vulnerability in log messages. The first is exposure of too much of your internal workings, and the second is too much information about your user.
When you write log messages, often you are providing detailed information about what is actually happening in your system. This data can be critical when issues arise, whether they're security focused or operational in nature. But log messages can also provide too much information, making your log aggregations an attack point. Events are one of the things you should always log, whether they are user events or system events, such as authentication or task completions.
You should also always log errors, especially in controls that are designed to prevent attacks against your system…
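As an added example (not code from the course), the Python `logging` filter below still records authentication events, task completions and control errors, but masks user data and a credentialed connection string before the record reaches the log sink. The patterns, logger name and sample events are constructed assumptions.

```python
import io
import logging
import re

# Constructed patterns (assumptions; tune them to your own data).
SECRET_KV = re.compile(r"(?i)\b(password|token|secret|session)=\S+")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DB_URL = re.compile(r"\b(\w+)://[^\s/@]+:[^\s/@]+@\S+")  # scheme://user:pass@host/...

def scrub(text: str) -> str:
    """Mask connection URLs with credentials, secret key=value pairs and e-mails."""
    text = DB_URL.sub(r"\1://[REDACTED]", text)   # internal workings
    text = SECRET_KV.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)  # user secrets
    return EMAIL.sub("[EMAIL]", text)             # user identity

class RedactingFilter(logging.Filter):
    def filter(self, record: logging.LogRecord) -> bool:
        # Format the arguments first so values passed as args are scrubbed too.
        record.msg = scrub(record.getMessage())
        record.args = ()
        return True  # keep the event; only its content is reduced

def demo() -> list[str]:
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("added_example")  # hypothetical logger name
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed sample events: authentication, task completion, control error.
    log.info("auth success user_id=%s email=%s password=%s",
             1042, "pat@example.com", "hunter2")
    log.info("task complete job=%s", "nightly-export")
    log.error("rate limiter failed: %s",
              "postgres://app:s3cret@db.internal:5432/users timed out")
    return buf.getvalue().splitlines()

if __name__ == "__main__":
    print("\n".join(demo()))
```

The filter does not touch tracebacks attached through `exc_info`; those are rendered by the formatter and need their own handling.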
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)