logo
allArticlesConferencesPresentations

Five philosophies to building better application logs

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Veronica Schmitt

Summary

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building custom-oriented, secure applications.
The speaker emphasizes the importance of psychological safety in admitting mistakes and learning from them. They note that there is often shame associated with being breached, but it is important to acknowledge and learn from the experience. By implementing the five philosophies for application logging, teams can continuously improve and prioritize customer focus in building secure applications.

Abstract

Abstract:I would like to introduce you to the five philosophies of building application logs with future breaches in mine. These are by no means the only things to consider, and I could potentially write a book or two about my thoughts. I have dealt with teams who have suffered a compromise and had sensitive data disclosures. In my experience I have almost always used the logs, they can contain so much information or they can contain equal amounts of noise. I am on a crusade, to turn developers into ninja forensic coding logging forces of nature. I would like to deal with breaches in which care has been taken with the logs they produce, and not always mumble to my “It would have been nice to have better logs, or any logs for that matter”. It is easy to ask  yourself the question as a developer. Do you take into account that your application will be breached, do you have enough information to determine what happened?” If you answered “I do not know” or “No”. Reach out to me I would like to set you on the path of building forensic and breach readiness into your application logs.
Materials:
Tags:
breach
logs
application
development

Post a comment

Related work

Log story short: Chopping through forests of data

Conference:  Global AppSec Dublin 2023
Authors: Moti Harmats
2023-02-16

All your math are belong to us

Conference:  Defcon 26
Authors:
2018-08-01

Safely running untrusted code in your web application

Conference:  Global AppSec San Francisco 2022
Authors: Jean-Philippe Zolesio
2022-11-17

J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it.

Conference:  Defcon 31
Authors: Scott "Duckie" Melnick Principal Security Research and Development, Bulletproof International
2023-08-01

How NOT to Start with Kubernetes

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Christian Heckelmann
2021-10-13

Stop the looters: a method to detect digital skimming attacks

Conference:  OWASP 20th Anniversary Event
Authors: Nikolaos Alexiou
2021-09-24