From the course: Programming Foundations: Secure Coding

Logging and output issues

- We discussed issues with disclosure through error handling, and in a similar vein, it's possible to expose too much information in our log messages and system output. We will start with log information because it is much easier to inadvertently cause issues in how you write log messages. There are two classes of vulnerability in log messages. The first is exposure of too much of your internal workings, and the second is too much information about your user. When you write log messages, often you are providing detailed information about what is actually happening in your system. This data can be critical when issues arise, whether they're security focused or operational in nature. But log messages can also provide too much information, making your log aggregations an attack point. Events are one of the things you should always log, whether they are user events or system events, such as authentication or task completions. You should also always log errors, especially in controls that are…
