Five philosophies to building better application logs


Authors:   Veronica Schmitt


The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building custom-oriented, secure applications.
The speaker emphasizes the importance of psychological safety in admitting mistakes and learning from them. They note that there is often shame associated with being breached, but it is important to acknowledge and learn from the experience. By implementing the five philosophies for application logging, teams can continuously improve and prioritize customer focus in building secure applications.


Abstract:I would like to introduce you to the five philosophies of building application logs with future breaches in mine. These are by no means the only things to consider, and I could potentially write a book or two about my thoughts. I have dealt with teams who have suffered a compromise and had sensitive data disclosures. In my experience I have almost always used the logs, they can contain so much information or they can contain equal amounts of noise. I am on a crusade, to turn developers into ninja forensic coding logging forces of nature. I would like to deal with breaches in which care has been taken with the logs they produce, and not always mumble to my “It would have been nice to have better logs, or any logs for that matter”. It is easy to ask  yourself the question as a developer. Do you take into account that your application will be breached, do you have enough information to determine what happened?” If you answered “I do not know” or “No”. Reach out to me I would like to set you on the path of building forensic and breach readiness into your application logs.


Post a comment

Related work

Conference:  Defcon 26

Conference:  Defcon 31
Authors: Scott "Duckie" Melnick Principal Security Research and Development, Bulletproof International

Authors: Christian Heckelmann