
Log story short: Chopping through forests of data

2023-02-16

Authors: Moti Harmats


Summary

The speaker argues that server error and exception logs are an under-used source of vulnerability evidence, and describes how searching them turned up critical vulnerabilities, including SQL injection, in production applications that were believed to be clean.
  • Server error logs can contain indications of application vulnerabilities (a database "SQL syntax" error, for example, shows that input reached a query unparameterised)
  • Detection rules and signatures written against server error logs can surface such vulnerabilities continuously rather than only during testing
  • Lessons learned from applying this monitoring at scale and across distributed systems, where volume and noise are the main obstacles
  • Automating security processes is crucial for large enterprises whose security teams are small relative to the codebase they cover

Abstract

I work at a large SaaS enterprise. We have dedicated SOC, application & infrastructure security teams and a thriving bug bounty program. We invest millions of dollars in cutting edge security tools & SDLC processes. Sounds like we should be covered for the basics, right? Still, one day I started looking for signs of vulnerabilities in server error logs, and to my horror found some 'SQL syntax' errors. This opened up Pandora's box. 'You have an error in your SQL syntax' - in the context of security everyone knows what this error means. Surprisingly, AppSec teams probably don't actively search for such exceptions in server error logs. Error and exception logs can often contain indications of application vulnerabilities, and with the right methodology you can identify many vulnerabilities that are already present in your production environment. In this talk I will present our journey through the dark forest of server error logs, which resulted in detection of many vulnerabilities of all sorts and creating a reliable application security monitoring pipeline.
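The scan the abstract describes, as an added example that is not part of the talk or its author's tooling: a small rule set of database error messages is matched against server error log lines, hits are grouped per endpoint so a scanner hammering one route produces one ticket instead of thousands, and the query string is checked for characters that would plausibly have broken the statement. The log line layout, the rule names and the sample log lines are constructed assumptions; the matched fragments are the databases' own error texts.

```python
"""Scan application error logs for database error messages that indicate
user input reached a query unparameterised. Added example; not the talk's own code."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Rule names are my own labels (assumption); the matched fragments are the
# databases' own error texts, which is what a "SQL syntax" search keys on.
SIGNATURES = [
    ("mysql-syntax",    re.compile(r"You have an error in your SQL syntax")),
    ("postgres-syntax", re.compile(r"syntax error at or near ")),
    ("mssql-unclosed",  re.compile(r"Unclosed quotation mark after the character string")),
    ("oracle-syntax",   re.compile(r"ORA-00933: SQL command not properly ended")),
    ("oracle-quote",    re.compile(r"ORA-01756: quoted string not properly terminated")),
    ("sqlite-syntax",   re.compile(r'near "[^"]*": syntax error')),
]

# Assumed log line layout: "<timestamp> <level> <method> <path?query> <message>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<msg>.*)$"
)
# Query-string fragments that would plausibly have broken the SQL statement.
BREAKER_RE = re.compile(r"""['"]|--|/\*|\bUNION\b""", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    method: str
    route: str       # path without the query string, so findings group per endpoint
    ts: str
    input_hint: str  # decoded query string if it contains a breaker, else ""


def scan(lines):
    """Return one Finding per log line whose message matches a database error signature."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; in production count these so parser drift is visible
        route, _, query = m["target"].partition("?")
        query = unquote(query)  # logs may carry the raw URL, e.g. %27 for a quote
        for rule, pattern in SIGNATURES:
            if pattern.search(m["msg"]):
                hint = query if BREAKER_RE.search(query) else ""
                findings.append(Finding(rule, m["method"], route, m["ts"], hint))
                break  # first matching rule wins; one finding per line
    return findings


def summarize(findings):
    """Collapse repeated hits: ((rule, method, route), count), most frequent first."""
    counts = Counter((f.rule, f.method, f.route) for f in findings)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample log; not real data.
SAMPLE_LOG = [
    "2023-02-16T10:00:01Z ERROR GET /api/users?id=1' db: You have an error in your SQL syntax; "
    "check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1",
    "2023-02-16T10:00:02Z INFO GET /api/users?id=1 request completed in 12ms",
    "2023-02-16T10:00:05Z ERROR POST /search db: ERROR:  syntax error at or near \"OR\"",
    "2023-02-16T10:00:07Z ERROR GET /report?name=O'Brien db: Unclosed quotation mark after the character string 'O'.",
    "2023-02-16T10:00:09Z ERROR GET /api/users?id=2 connection pool exhausted",
    "2023-02-16T10:00:10Z ERROR GET /api/users?id=1%27 db: You have an error in your SQL syntax; "
    "check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for (rule, method, route), n in summarize(hits):
        hints = sorted({f.input_hint for f in hits if f.rule == rule and f.route == route and f.input_hint})
        print(f"{n:>4}  {rule:<16} {method} {route}  input: {hints or '(not in query string; check request body)'}")
```

Two things worth noting about the output. The /report hit was triggered by a legitimate apostrophe in a user's name, not by an attacker, and that is precisely why this kind of monitoring finds injection points nobody has probed yet: any unparameterised query will eventually meet a quote. And the POST /search hit has no input hint because the offending value was in the request body; in a real pipeline you would join on a request id to recover it. A hit does not prove exploitability on its own, but it does prove that input reached the SQL parser unescaped, which is enough to open a ticket.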
