Insufficient Logging And Monitoring

September 10 2021

Failing to log and monitor threats to an application on an ongoing basis causes serious problems. It can lead to compromise of the entire system and to attacks that cannot be traced.

When is it considered Insufficient Logging and Monitoring?

  • Auditable events such as logins and failed logins are not logged
  • Applications and APIs are not monitored for suspicious activity
  • Alerting thresholds and response escalation are ineffective
  • Penetration testing and scans by DAST tools do not trigger alerts
  • The application reaches a state where it cannot detect, alert on, or escalate attacks in real time

Prevention of insufficient logging and monitoring as per OWASP's guidelines

  • Ensure all login, access control failures, and server-side input validation failures can be logged with sufficient user context to identify suspicious or malicious accounts, and held for sufficient time to allow delayed forensic analysis.
  • Ensure that logs are generated in a format that can be easily consumed by centralized log management solutions.
  • Ensure high-value transactions have an audit trail with integrity controls to prevent tampering or deletion, such as append-only database tables or similar.
  • Establish effective monitoring and alerting such that suspicious activities are detected and responded to in a timely fashion.
  • Use a web application firewall (WAF)
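
The logging items in the list above can be combined in one small logger. This is an added example, not code from the original post or from OWASP: each event is written as one JSON line with user context, entries are hash-chained so edits and deletions are detectable, and a threshold rule raises an alert on a burst of failed logins. The class and function names, the 5-failures-in-300-seconds rule, and the sample events are all assumptions made for illustration.

```python
import hashlib
import json
from collections import defaultdict, deque

GENESIS = "0" * 64
THRESHOLD, WINDOW = 5, 300  # assumed rule: 5 failed logins per source IP in 300 s

class AuditLog:
    def __init__(self):
        self.lines = []      # stand-in for an append-only table or file
        self.alerts = []     # stand-in for a pager or SIEM notification
        self._prev = GENESIS
        self._failures = defaultdict(deque)

    def record(self, ts, event, user, src_ip, outcome):
        # One JSON object per line: easy for a central log pipeline to parse.
        entry = {"ts": ts, "event": event, "user": user, "src_ip": src_ip,
                 "outcome": outcome, "prev": self._prev}
        entry["hash"] = _digest(entry)   # links this entry to the previous one
        self._prev = entry["hash"]
        self.lines.append(json.dumps(entry, sort_keys=True))
        if event == "login" and outcome == "failure":
            recent = self._failures[src_ip]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) == THRESHOLD:     # fire once when the limit is reached
                self.alerts.append({"rule": "failed_login_burst",
                                    "src_ip": src_ip, "ts": ts})

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def verify_chain(lines):
    """Return the index of the first altered or out-of-place line, or -1 if intact."""
    prev = GENESIS
    for i, line in enumerate(lines):
        entry = json.loads(line)
        claimed = entry.pop("hash")
        if entry["prev"] != prev or _digest(entry) != claimed:
            return i
        prev = claimed
    return -1

def demo():
    log = AuditLog()
    for i in range(5):   # constructed sample events, documentation-range IPs
        log.record(1631260800 + 10 * i, "login", "alice", "203.0.113.7", "failure")
    log.record(1631260900, "login", "bob", "198.51.100.4", "success")
    return log
```

An unkeyed chain like this detects edits and deletions in the middle of the log, but not removal of the newest entries or a full rewrite by someone who can recompute every hash. Copy the latest hash to a separate system at regular intervals so those cases are caught as well.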


WAF – Web Application Firewall

A web application firewall (WAF) can help prevent attacks that exploit insufficient logging and monitoring. A WAF serves as a filter between web traffic and the server.

A WAF works from a set of rulesets; the most common type used across WAFs is the OWASP Top 10 ModSecurity rulesets. StrongBox IT's Modshield SB works on the core ModSecurity rulesets, which can avert SQL injections during the time of the attack.
