A10: Insufficient Logging and Monitoring

1 hour 43 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in this video, we're just gonna wrap up our discussion on the API Security Top 10 from OWASP. We're gonna talk about insufficient logging and monitoring, so we'll just basically talk about what it is as well as ways we can prevent against it.
So what is insufficient logging and monitoring? Well, the name itself is pretty self-explanatory: it's where we're not properly logging information. We're also not monitoring the information and we're not alerting. So what that allows attackers to do is go completely unnoticed or virtually unnoticed as they're carrying out their various attacks.
So, for example, we may not be protecting our logs from attackers altering them, right? That's one way.
We could also just have no logs, or we don't have sufficient logs, or we have logging but nobody's taking a look at it, right? So, again, the attackers are going unnoticed.
One thing we should do is we should make sure we integrate our logs into SIEM systems, right? So if we're not doing that, that's another way that, if we're having to do a manual process on log review, attackers are easily going to get through.
So how do we actually prevent against this? What are ways we could prevent against it? One thing is to protect the integrity of logs, making sure that someone can't just come in and delete all the logs and that we can actually have visibility into what's happening.
Tracking failed login attempts and denied access attempts. Also, if there are input validation failures, tracking those as well in our logs,
ensuring that the logs are properly formatted so we can ingest those logs into various tools that help us, preferably into a SIEM solution or centralized monitoring solution, where we can see all the log data from all across our network, all across our applications and APIs, and visualize those in one single dashboard.
The other thing is, we want to make sure that the logs themselves have enough detail in them so we can see everything that's going on, as well as making sure that we redact any type of sensitive information.
So in this video, we talked briefly about what insufficient logging and monitoring is as well as some different ways we can prevent against it. So again, making sure that we have integrity in our logs, making sure that we properly format the logs so we can ingest those into various tools and get a better visualization of what's actually going on.
Make sure we have alerts set up, so we get alerted to any issues going on, and then redacting sensitive information as well as maintaining the integrity of the logs.
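The prevention points from the transcript, as an added example that is not part of the video or the course material: JSON-formatted events a SIEM can ingest, redaction of sensitive fields, and an HMAC chain that makes altered or deleted lines detectable. The field names, the key and the sample events are constructed assumptions.

```python
import hashlib, hmac, json

SENSITIVE = {"password", "token", "authorization"}  # assumed sensitive field names
CHAIN_KEY = b"placeholder-key-from-secret-store"    # constructed placeholder key
GENESIS = "0" * 64                                  # chain start value

def redact(fields):
    """Mask sensitive values before they ever reach the log."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE else v for k, v in fields.items()}

def _mac(prev_mac, body):
    return hmac.new(CHAIN_KEY, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def append_event(log, ts, event, **fields):
    """Append one JSON line whose MAC also covers the previous line's MAC."""
    prev = json.loads(log[-1])["mac"] if log else GENESIS
    body = json.dumps({"ts": ts, "event": event, **redact(fields)}, sort_keys=True)
    log.append(json.dumps({"body": body, "mac": _mac(prev, body)}))

def verify(log, head=None):
    """Return the index of the first bad line, len(log) if the tail was cut, else -1.

    `head` is the last MAC as recorded off-host (for example by the central store).
    """
    prev = GENESIS
    for i, line in enumerate(log):
        rec = json.loads(line)
        if not hmac.compare_digest(rec["mac"], _mac(prev, rec["body"])):
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return -1

def build_sample():
    """Constructed events: failed login, denied access, input validation failure."""
    log = []
    append_event(log, "2024-01-01T10:00:00Z", "login_failed",
                 user="alice", src_ip="203.0.113.7", password="hunter2")
    append_event(log, "2024-01-01T10:00:05Z", "access_denied",
                 user="alice", path="/api/v1/admin/users")
    append_event(log, "2024-01-01T10:00:09Z", "input_validation_failed",
                 user="alice", field="order_id", reason="not an integer")
    return log

if __name__ == "__main__":
    sample = build_sample()
    print("\n".join(sample))
    print("first bad line:", verify(sample))
```

The chain only shows that tampering happened; alerting on a failed `verify` and keeping the latest MAC somewhere the application host cannot overwrite are what turn that into detection.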