Insufficient Logging And Monitoring

By
Febna V M
Published on
24 Jun 2018
1 min read
owasp

Insufficient logging and monitoring Exploitation is the bedrock of nearly every major events. An attackers rely on lack of constant monitoring and timely responses to achieve their goals without being recognized.

Example

An attacker uses scanning tools for users with a common password. They can take over all accounts using this one password. For all the other users this scan only leaves one false login loggd. After some days this may repeat with a different passwords.

Impact

Most of the successful attacks start with a vulnerability probing. Allowing such kind of probes to continue can raise the possibility of a successful exploit to nearly 100%. most probably recognizeing a breach will take an average of 6 months that is a lot of time for damage to be deliverd.

Mitigation / Precaution

  • Ensure all login, server-side input validation failures and access control failures are logged with adequate user context to identify doubtful or malicious accounts, and held for enough time to allow held up forensic analysis.
  • Ensure that logs are generated in a format that can be easily used by a centralized log management solutions.
  • Establish efficient monitoring and alerting such that doubtful activities are detected and responded to in a suitable fashion.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.