From the course: Dynamic Application Security Testing
Unlock the full course today
Join today to access over 23,200 courses taught by industry experts.
A9: Security Logging and monitoring failures - Burp Suite Tutorial
From the course: Dynamic Application Security Testing
A9: Security Logging and monitoring failures
- [Instructor] The ninth set of risks in the OWASP top 10 list are Security Logging and Monitoring Failures. As developers are building out their applications, their initial focus is on just getting everything to work as expected by the go live date. If you are fortunate enough to be working with the dev team who is considering the long-term support and operation of the app, then chances are they've built in some basic logging functionality to help them troubleshoot the app after it goes live. But what about security logs? If your developers don't have security training and if security logging requirements aren't built into the project, then chances are the security logging and monitoring controls will be deficient at best and entirely absent at worst. As OWASP points out, this is exactly what attackers are hoping for. If they can poke and prod at your apps without setting off any alarms, then they're more likely…
Contents
-
-
-
-
-
-
(Locked)
The OWASP Top Ten3m 16s
-
(Locked)
A1: Broken access control5m 58s
-
(Locked)
A2: Cryptographic failures6m 49s
-
(Locked)
A3: Injection7m 44s
-
(Locked)
A4: Insecure design5m 30s
-
(Locked)
A5: Security misconfiguration7m 25s
-
(Locked)
A6: Vulnerable and outdated components7m 7s
-
(Locked)
A7: Identification and authentication failures6m 59s
-
(Locked)
A8: Software and data integrity failures5m 58s
-
(Locked)
A9: Security Logging and monitoring failures6m 54s
-
(Locked)
A10: Server-side request forgery (SSRF)5m 4s
-
(Locked)
-