Keeping activity logs for application analytics, or error logs for debugging, is very different from logging with the aim of improving the security of the information and the privacy of the users. For security, Incident Response teams should be able to reconstruct the path followed by an attacker who manages to breach the application, and the security monitoring equipment should be able to interpret and process the logged information so that it can generate alerts about possible security issues in near real time. All of this needs to be done while protecting the users' privacy by not storing any sensitive or personally identifiable information about them.
In this recipe, we will cover the key aspects to consider when designing and implementing the logging mechanisms of a web application...
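The three requirements set out above (events an investigator can correlate, records a monitoring system can parse, and no sensitive or personally identifiable data in the log store) can be met with a small structured logging layer in front of the application's normal logger. The following Python is an added example written for this recipe, not code from the original text or from any particular framework; the event names, the field list, the `SENSITIVE_KEYS` set, the hypothetical `PSEUDONYM_KEY` constant and the sample request values are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import logging
import re
from datetime import datetime, timezone

# Assumption: in production this key comes from a secrets store and is rotated;
# a fixed value is used here only so the example runs offline.
PSEUDONYM_KEY = b"example-key-replace-in-production"

# Field names whose values must never reach the log store (assumed list; extend
# it to match the application's own request and response fields).
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "authorization",
                  "cookie", "session_id", "credit_card", "cvv", "ssn"}

# Free-text fields may still carry addresses; mask them rather than store them.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def pseudonymize(identifier: str) -> str:
    """Keyed hash of a user identifier: the same user always maps to the same
    value, so an investigator can follow one actor across events, but the raw
    identifier is not written to the log."""
    digest = hmac.new(PSEUDONYM_KEY, identifier.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def scrub(value):
    """Recursively redact sensitive keys and mask e-mail addresses in strings."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else scrub(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return EMAIL_RE.sub("[email]", value)
    return value


def build_event(event_type, outcome, request_id, client_ip,
                user_id=None, details=None):
    """Assemble one security event with a fixed schema. Every event carries the
    same top-level keys so a SIEM rule can match on them without free-text parsing."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
        "event": event_type,          # e.g. auth.login, authz.denied, input.rejected
        "outcome": outcome,           # success | failure
        "request_id": request_id,     # ties the event to the HTTP request and other logs
        "client_ip": client_ip,
        "user": pseudonymize(user_id) if user_id else None,
        "details": scrub(details or {}),
    }


# One JSON object per line on stdout; a collector can ship this as-is.
_log = logging.getLogger("security")
_log.setLevel(logging.INFO)
_handler = logging.StreamHandler()
_handler.setFormatter(logging.Formatter("%(message)s"))
_log.addHandler(_handler)


def log_event(**kwargs):
    """Build, serialise and emit one event; returns the dict for callers/tests."""
    event = build_event(**kwargs)
    _log.info(json.dumps(event, separators=(",", ":")))
    return event


if __name__ == "__main__":
    # Constructed sample: a failed login whose form data would otherwise leak
    # the submitted password and an e-mail address into the log.
    log_event(event_type="auth.login", outcome="failure", request_id="req-0001",
              client_ip="203.0.113.5", user_id="alice",
              details={"password": "hunter2",
                       "note": "user asked to contact alice@example.com",
                       "headers": {"authorization": "Bearer abc"}})
```

Each line is self-describing JSON, so a monitoring rule such as "more than N `auth.login` failures for one `user` or `client_ip` within a minute" can be evaluated as events arrive, and the `request_id` lets an investigator join the security event to the web server's access log for the same request. Because the user field is a keyed hash rather than the account name, a leaked log file does not by itself reveal who the users are.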