Auditing and logging
Checking the completeness of application audit logs is one of the most important procedural aspects of an application security assessment. Audit logs are categorized as detective controls, which come in handy in the case of a security incident. An enterprise application is typically complex in nature and interconnected with several other systems, such as a database server, a load balancer, a caching server and many more. In the case of a breach, audit logs play the most important role in reconstructing the incident scenario. Audit logs with insufficient detail would significantly limit the incident investigation. So the capability of an application to generate event logs must be carefully examined to find any shortcomings, as applicable.
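The following is an added example (not code from the original text) of the kind of completeness check an assessor can run over an application's audit log. It assumes the application writes one JSON object per line and that a security-relevant event should at least carry a timestamp, event name, outcome, user, source IP and the component that emitted it; events that cross tiers (database, cache, upstream calls) are additionally expected to carry a request_id so that one request can be followed across systems. The field names, the event names and the sample log lines are all constructed for this example.

```python
import json
from collections import defaultdict

# Fields every security-relevant audit event should carry before it can
# support incident reconstruction (assumption for this example).
REQUIRED_FIELDS = {
    "timestamp", "event", "outcome", "user", "source_ip", "component",
}

# Events that additionally need a correlation id so the same request can be
# followed across the web tier, the cache and the database (assumed names).
CROSS_TIER_EVENTS = {"db_query", "cache_access", "upstream_call"}


def parse_log_line(line):
    """Parse one JSON-formatted audit log line; return None if unparsable."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    return record if isinstance(record, dict) else None


def check_record(record):
    """Return the set of required fields that are missing or empty in one record."""
    missing = {f for f in REQUIRED_FIELDS if not record.get(f)}
    if record.get("event") in CROSS_TIER_EVENTS and not record.get("request_id"):
        missing.add("request_id")
    return missing


def audit_completeness(lines):
    """Run the completeness check over a sequence of log lines.

    Returns a dict with the number of parsed records, the number of
    unparsable lines, and, per event type, a sorted list of the fields that
    were missing in at least one record of that type.
    """
    report = {"records": 0, "unparsable": 0, "gaps": defaultdict(set)}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = parse_log_line(line)
        if record is None:
            # Unparsable lines are themselves a finding: they cannot be
            # queried during an investigation.
            report["unparsable"] += 1
            continue
        report["records"] += 1
        missing = check_record(record)
        if missing:
            report["gaps"][record.get("event", "<unknown>")] |= missing
    report["gaps"] = {k: sorted(v) for k, v in report["gaps"].items()}
    return report


# Constructed sample log lines for this example (not from any real system).
SAMPLE_LOG = """\
{"timestamp": "2024-01-01T10:00:00Z", "event": "login", "outcome": "success", "user": "alice", "source_ip": "10.0.0.5", "component": "web"}
{"timestamp": "2024-01-01T10:00:02Z", "event": "login", "outcome": "failure", "user": "bob", "component": "web"}
{"timestamp": "2024-01-01T10:00:03Z", "event": "db_query", "outcome": "success", "user": "alice", "source_ip": "10.0.0.5", "component": "db"}
{"timestamp": "2024-01-01T10:00:04Z", "event": "password_change", "outcome": "success", "source_ip": "10.0.0.7", "component": "web"}
not valid json at all
"""

if __name__ == "__main__":
    result = audit_completeness(SAMPLE_LOG.splitlines())
    print(f"records: {result['records']}, unparsable: {result['unparsable']}")
    for event, fields in sorted(result["gaps"].items()):
        print(f"  {event}: missing {', '.join(fields)}")
```

Run against the sample, the check reports that failed logins are recorded without the source address, that database queries carry no correlation id and that a password change is logged without the acting user, which are exactly the gaps that would hamper reconstructing an incident later. The required-field set should be adjusted to the application under assessment; the point is to make the expectation explicit and test the real log output against it rather than eyeballing a few lines.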
OWASP mapping
Auditing and logging-related vulnerabilities are part of the OWASP Top 10 2017, where they are covered under A10:2017 Insufficient Logging and Monitoring. Some of the vulnerabilities listed under this category are as follows:
- The...