adporn.net A9: Security logging and monitoring failures - SonarQube Video Tutorial | LinkedIn Learning, formerly Lynda.com

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Static Application Security Testing

Unlock the full course today

Join today to access over 24,400 courses taught by industry experts.

A9: Security logging and monitoring failures

A9: Security logging and monitoring failures - SonarQube Tutorial

From the course: Static Application Security Testing

Start my 1-month free trial Buy for my team

A9: Security logging and monitoring failures

“

- [Instructor] The ninth set of risks in the OWASP top 10 list are security logging and monitoring failures. As developers are building out these applications, their initial focus is on just getting everything to work as expected by the go-live date. If you are fortunate enough to be working with a dev team who is considering the long-term support and operation of the app, then chances are they've built in some basic logging functionality to help them troubleshoot the app after it goes live. But what about security logs? If your developers don't have security training and if security logging requirements aren't built into the project, then chances are the security logging and monitoring controls will be deficient at best and entirely absent otherwise. As OWASP points out, this is exactly what attackers are hoping for. If they can poke and prod at your apps without setting off any alarms, then they're more likely to be able…

Contents