2021 OWASP Top Ten: Security Logging and Monitoring Failures

by F5 DevCentral
Video Thumbnail

📚 Main Topics

  1. Overview of Security Logging and Monitoring Failures

    • Ranked #9 in the 2021 OWASP Top 10 Security Risks.
    • Moved up from #10 in the 2017 list.
    • Based on survey data and interviews due to challenges in testing and collecting data.

  2. Importance of Sufficient Logging and Monitoring

    • Essential to log auditable events (e.g., logins, failed logins, high-value transactions).
    • Need for monitoring logs for suspicious activities, especially in APIs.

  3. Backup and Redundancy

    • Logs should not only be stored locally but also backed up off-site for disaster recovery.

  4. Alerting and Response Mechanisms

    • Establish appropriate alerting thresholds and escalation processes.
    • Real-time or near real-time detection of active attacks is crucial.

  5. Real-World Examples of Failures

    • Case studies of health plan providers and airlines that suffered data breaches due to inadequate logging and monitoring.

  6. Development and Production Environment Considerations

    • Importance of maintaining logging configurations throughout the development lifecycle (staging, QA, production).

  7. Best Practices for Effective Logging and Monitoring

    • Ensure logging of login attempts, access control failures, and server-side input validation.
    • Maintain logs long enough for forensic analysis.
    • Format logs for easy consumption by log management solutions.
    • Encode log data correctly to prevent injection attacks.

  8. Establishing Incident Response Plans

    • Importance of having a recovery plan in place for when attacks occur.

✨ Key Takeaways

  • Security logging and monitoring failures remain a significant risk in application security.
  • Organizations must prioritize logging and monitoring to detect and respond to security incidents effectively.
  • Proper configuration and maintenance of logging practices are essential throughout the software development lifecycle.
  • Real-time monitoring and alerting can significantly reduce the impact of security breaches.

🧠 Lessons Learned

  • Logging is not just about collecting data; it requires active monitoring and analysis.
  • Organizations should not rely solely on third-party services for logging and monitoring; they must implement their own robust systems.
  • Continuous improvement and regular audits of logging practices can help mitigate risks associated with security failures.

Keywords: f5 devcentral owasp top 10 owasp top 10 explained with examples logging monitoring security risk attack owasp top 10 vulnerabilities