Security logging and monitoring failures

First appearing on the OWASP Top 10 in 2017 and now moving up the rankings, this category does not point to a specific vulnerability, but rather, the general failure to record login attempts.

This is a crucial strategy for mitigating attacks, as excessive login failures are indicative of breaches. What's more, these logs must be properly backed up and stored in separate locations to prevent unintentional losses in the event of a natural disaster or simple hardware failure. Additional protection can be obtained via real-time monitoring, which ensures that logs are analyzed promptly.

Significant overlap exists between this category and the aforementioned cryptographic failures. Without encryption for both data-at-rest and in transit, it could be surprisingly easy for malicious players to acquire and tamper with log data.

https://www.sitelock.com/blog/top-10-owasp-vulnerabilities/

SELECT id FROM users WHERE username = "sia"

Search This Blog

Security logging and monitoring failures

Security logging and monitoring failures

Comments

Post a Comment