Importance of Security Logging and Monitoring Failures - OWASP A09:2021
Enhancing Web Application Security
Robert Murrell, CYB 350 A314
We Are FurtTch
Industry:
• Automotive Repair and Maintenance Industry: This industry encompasses businesses that provide a wide range of mechanical and electrical repair and maintenance services for vehicles, including cars, trucks, and motorcycles.
• Products and Services:
• Vehicle Maintenance Services: Routine and scheduled services such as oil changes, brake checks, tire rotations, fluid refills, and tune-ups to ensure vehicles are running efficiently and safely.
• Repair Services: Handling more complex mechanical and electrical repairs such as engine rebuilds, transmission repairs, exhaust system repairs, and electrical system fixes.
• Diagnostic Services: Utilizing advanced diagnostic tools to accurately troubleshoot issues. This often includes reading codes from a vehicle's onboard computer system to diagnose problems and assess the condition of major components.
• Customization and Upgrades: Offering customization services such as installing new tires, suspension kits, exhaust upgrades, and performance
Introduction to OWASP Top 10
• What is OWASP Top 10? An awareness document highlighting the top 10 security risks for web applications.
• Importance for Developers: Guides in prioritizing security threats to mitigate.
• Evolution of Threats: Updates reflect emerging security concerns and changing technologies.
• Community-Driven Insights: Compiled from a broad survey of security professionals.
• Framework for Security: A baseline for developing secure web applications.
Overview of A09:2021 - Security Logging and Monitoring Failures
Introduction to A09:2021: Focused on the failure to log and monitor security events.
Community Ranking: Rose to position #3 in 2021, up from #10 in 2017.
Key Vulnerabilities: Related to insufficient or ineffective logging and monitoring.
Impact of Failures: Directly affects the ability to detect and respond to breaches.
Expanded Threats: Includes CWEs like CWE-778, CWE-117, CWE-223, and CWE-532.
Why is Logging and Monitoring Critical?
Detect Active Breaches: Essential for identifying ongoing security incidents.
Accountability and Visibility: Provides a trail of activities for auditing and investigation.
Incident Response: Enables quick and effective response to security threats.
Forensic Analysis: Critical for understanding and mitigating damage post-breach.
Compliance and Standards: Often a requirement under data protection regulations.
Common Logging and Monitoring Failures
Unlogged Events: Important actions like logins and transactions are not recorded.
Ineffective Log Messages: Errors and warnings are unclear or not generated.
Lack of Monitoring: Logs not regularly checked for suspicious activities.
Local Storage of Logs: Increases risk of tampering and loss.
Poor Alerting Processes: Ineffective thresholds and response escalations.
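As an added example (not part of the original slides), the following Python shows what a working alerting threshold looks like once login events are actually recorded. It runs two simple rules over a constructed sample of JSON-lines authentication events: a sliding-window count of failed logins per source address, and a successful login that follows a burst of failures from the same source. The event names, field names and addresses are assumptions chosen for the example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of JSON-lines authentication events (not real data):
# one source hammers two accounts and then succeeds, another source fails twice.
SAMPLE_LOG = """
{"ts": "2024-05-01T10:00:01Z", "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:10Z", "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:20Z", "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:35Z", "event": "login_failed", "user": "bob", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:50Z", "event": "login_failed", "user": "bob", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:01:05Z", "event": "login_failed", "user": "bob", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:01:30Z", "event": "login_ok", "user": "bob", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:02:00Z", "event": "login_failed", "user": "carol", "src": "198.51.100.4"}
{"ts": "2024-05-01T10:05:00Z", "event": "login_failed", "user": "carol", "src": "198.51.100.4"}
{"ts": "2024-05-01T10:05:30Z", "event": "login_ok", "user": "carol", "src": "198.51.100.4"}
"""


def parse_events(text):
    """Parse JSON-lines records; malformed lines are counted, not silently dropped."""
    events, bad = [], 0
    for line in text.strip().splitlines():
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(rec)
        except (ValueError, KeyError):
            bad += 1
    return events, bad


def _prune(queue, now, window):
    # Drop timestamps that have fallen out of the sliding window.
    while queue and now - queue[0] > window:
        queue.popleft()


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Alert once per source when failed logins reach `threshold` inside the window."""
    failures = defaultdict(deque)
    alerts, alerted = [], set()
    for rec in sorted(events, key=lambda r: r["ts"]):
        if rec["event"] != "login_failed":
            continue
        q = failures[rec["src"]]
        q.append(rec["ts"])
        _prune(q, rec["ts"], window)
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append({"rule": "bruteforce", "src": rec["src"],
                           "count": len(q), "at": rec["ts"]})
    return alerts


def detect_success_after_failures(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag a successful login from a source that failed repeatedly just before it."""
    failures = defaultdict(deque)
    alerts = []
    for rec in sorted(events, key=lambda r: r["ts"]):
        q = failures[rec["src"]]
        _prune(q, rec["ts"], window)
        if rec["event"] == "login_failed":
            q.append(rec["ts"])
        elif rec["event"] == "login_ok" and len(q) >= min_failures:
            alerts.append({"rule": "success_after_failures", "src": rec["src"],
                           "user": rec["user"], "failures": len(q), "at": rec["ts"]})
    return alerts


if __name__ == "__main__":
    evts, bad = parse_events(SAMPLE_LOG)
    print(f"parsed {len(evts)} events, {bad} malformed")
    for alert in detect_bruteforce(evts) + detect_success_after_failures(evts):
        print(alert)
```

The second rule is the one a plain failure counter misses: the attacker who finally guesses a password stops failing, so the signal is the success that follows the failures, not the failures alone. Both thresholds and windows are tunable; the point of the slide is that they must be set deliberately and reviewed, not left at whatever a tool shipped with.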
Testing and Detection Challenges
Difficult to Test: Security logging often assessed via interviews or penetration testing.
Limited CVE/CVSS Data: Few vulnerabilities directly linked to logging issues.
Real-Time Detection: Systems fail to identify or alert on attacks promptly.
Visibility to Attackers: Improper handling may expose logs to unauthorized users.
Comprehensive Testing Required: Emphasizes need for robust security evaluations.
Preventative Measures and Best Practices
Log All Critical Events: Ensure comprehensive logging of security-relevant actions.
Standardized Log Formats: Facilitates easier monitoring and analysis.
Proper Encoding and Handling: Prevents injection attacks against log systems.
Integrity Controls for High-Value Data: Use measures like append-only databases.
Robust Monitoring and Alerting: Set up systems for timely detection and response.
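The following Python is an added example (not from the original slides) that puts three of these measures into one small logger: a standardized one-record-per-line JSON format, neutralization of control characters in untrusted values so a user-supplied string cannot forge an extra log line (the CWE-117 log injection case the slides list), and a SHA-256 hash chain so that editing, removing or reordering a record is detectable at verification time. The class and function names, the field-length limit and the in-memory storage are assumptions made for the example; a real deployment would write the lines to a remote, append-only sink.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Control characters (including CR and LF) that would let an attacker inject a
# fake record or corrupt the one being written (CWE-117 neutralization).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
MAX_FIELD_LEN = 256  # assumed limit; stops hostile input from bloating the log
GENESIS = "0" * 64   # prev_hash of the first record in the chain


def neutralize(value) -> str:
    """Render an untrusted value safe to embed in a single log record."""
    text = str(value)
    # Escape each control character as \xNN so the record stays on one line.
    text = _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), text)
    if len(text) > MAX_FIELD_LEN:
        text = text[:MAX_FIELD_LEN] + "...[truncated]"
    return text


def _digest(record: dict) -> str:
    # Canonical serialization so writer and verifier hash identical bytes.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class SecurityLog:
    """Hash-chained JSON-lines security log (kept in memory for the example)."""

    def __init__(self):
        self.records = []
        self._prev_hash = GENESIS

    def write(self, event: str, **fields) -> dict:
        record = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "event": neutralize(event),
            "prev_hash": self._prev_hash,
        }
        for key, value in fields.items():
            record[neutralize(key)] = neutralize(value)
        # The hash covers this record plus the previous hash, linking the chain.
        record["hash"] = _digest(record)
        self._prev_hash = record["hash"]
        self.records.append(record)
        return record

    def to_lines(self):
        return [json.dumps(r, sort_keys=True) for r in self.records]


def verify_chain(lines) -> bool:
    """Recompute every hash; any edited, removed or reordered record breaks the chain."""
    expected_prev = GENESIS
    for line in lines:
        record = json.loads(line)
        claimed = record.pop("hash", None)
        if record.get("prev_hash") != expected_prev:
            return False
        if _digest(record) != claimed:
            return False
        expected_prev = claimed
    return True


if __name__ == "__main__":
    log = SecurityLog()
    # Constructed hostile username: without neutralization this would print as
    # two lines, the second looking like a successful admin login.
    log.write("login_failed", user="bob\r\n{\"event\": \"login_ok\", \"user\": \"admin\"}")
    log.write("password_changed", user="alice")
    for line in log.to_lines():
        print(line)
    print("chain valid:", verify_chain(log.to_lines()))
```

The chain only detects tampering; it does not prevent it, and an attacker who controls the whole store can rewrite every hash. That is why the slides pair integrity controls with shipping logs off the host: the verifier should run against a copy the application server cannot modify.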
Tools and Technologies for Improvement
OWASP ModSecurity Core Rule Set: Provides robust application firewall capabilities.
ELK Stack: Effective for log aggregation and real-time analysis.
Custom Dashboards and Alerts: Tailor monitoring tools to specific organizational needs.
Use of DAST Tools like OWASP ZAP: Automates testing for security issues.
NIST 800-61r2 Framework: Guides establishment of incident response plans.
Real-World Impact: Example Attack Scenario
Case Study: Children's health plan provider's breach undetected for over seven years.
Cause of Breach: No monitoring or logging of sensitive health records.
Consequences: Compromise of 3.5 million records.
External Detection: Breach noticed by an external party, not internal systems.
Post-Incident Analysis: Revealed significant unaddressed vulnerabilities.
Implementing a Security-First Culture
DevSecOps Integration: Embed security practices within development and operations.
Continuous Education: Regular training on security threats and best practices.
Policy Development: Establish clear policies for logging, monitoring, and response.
Security Audits: Routine audits to identify and rectify security lapses.
Stakeholder Engagement: Involve all levels of the organization in security practices.
Conclusion and Call to Action
Recap of Importance: Stress on the necessity of effective logging and monitoring.
Organizational Benefits: Enhanced detection capabilities and reduced risk.
Immediate Steps: Evaluate current logging practices and implement improvements.
Commitment to Security: Encourage ongoing commitment to application security.
Questions and Discussion: Open floor for feedback and queries from the team.
This structured approach will provide your team with a comprehensive understanding of security logging and monitoring failures, why they matter, how they can be addressed, and the tools
References
OWASP Top 10:2021
A09 Security Logging and Monitoring Failures
https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging.html
OWASP Proactive Controls: Implement Logging and Monitoring
OWASP Application Security Verification Standard: V7 Logging and Monitoring
OWASP Testing Guide: Testing for Detailed Error Code
OWASP Cheat Sheet: Application Logging Vocabulary
OWASP Cheat Sheet: Logging
Data Integrity: Recovering from Ransomware and Other Destructive Events
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events