The last item on the 2017 OWASP Top Ten list is a new addition, and rather a failure of best practice than a vulnerability.
Insufficient Logging and Monitoring, as the name suggests, is where an organisation fails to track activity and responses on their app/site.
Has your login screen recently had 1000 failed login attempts in the past 2 minutes? All from the same IP address or geographic location?
Chances are that’s an attempted Brute Force attack.
Noticed that an account was created and quickly deleted? This could be an attacker covering their tracks.
I found an article here that claimed that in 2016 the average detection rate for an attack was 191 days!
Imagine the damage that could be done to a project you are working on if an attacker had free reign for almost 200 days.
So stay sharp, stay alert and avoid having a Barbrady moment.
Ways to avoid suffering #10 Insufficient Logging and Monitoring
- Build a logging and monitoring plan
- Ensure that logs are not publicly available, and where possible should be backed up securely.
- Use monitoring software (such as New Relic or even Google Analytics) and set thresholds and alerts for appropriate parts of your application/site
Thanks for reading my last post as part of my OWASP Top 10 Goal.
I have created an account to track my goals on Habitica, if you would like to find/add me my user id is: b2d1d942-f62b-4487-a77b-58c8a93baa9c
Disclaimer: My posts for this project reflect my own understanding of the topics, if I’ve missed the point completely please pull me up and correct me in the comments section and I’ll fix it up asap. Also, if you know of any examples of the vulnerability and how best to protect against it please share 🙂