.NET Framework 2.0 Security Inspection Questions - Auditing and Logging
From Guidance Share
- J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo
Auditing and Logging Vulnerabilities and Implications
| Vulnerability | Implications |
|---|---|
| Lack of logging | It is difficult to detect and repel intrusion attempts. |
| Sensitive data revealed in logs | An attacker could use logged credentials to attack the server or could steal other sensitive data from the log. |
Does the application log sensitive data?
Review the code to see whether sensitive details are logged. Credentials and sensitive user data should not be logged. An application might work with information that requires higher privileges to view than the log file requires, so exposing that data in a log file makes it more likely that it will be stolen.
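The pattern a reviewer should flag, next to a corrected form, as an added example that is not part of the original guidance. The `AuditLog` class, its method names, and the list of sensitive keys are hypothetical, and the sample values are constructed.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

// Added example; class and method names are hypothetical.
public static class AuditLog
{
    // Keys whose values must never reach the log (constructed list; extend per application).
    private static readonly Regex SensitivePair = new Regex(
        @"\b(password|pwd|secret|token|cardnumber)\s*=\s*[^;&\s]+",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Replace the value of any sensitive key=value pair with a fixed marker.
    public static string Scrub(string message)
    {
        if (message == null) return string.Empty;
        return SensitivePair.Replace(message, "$1=[REDACTED]");
    }

    // Review finding: the credential is written to the log verbatim.
    public static void LogFailedLogonUnsafe(string user, string password)
    {
        Trace.WriteLine("Logon failed: user=" + user + " password=" + password);
    }

    // Corrected form: record the event and who it concerns, never the secret.
    public static void LogFailedLogon(string user, string sourceAddress)
    {
        Trace.WriteLine(Scrub(string.Format(
            "{0:u} Logon failed: user={1} source={2}",
            DateTime.UtcNow, user, sourceAddress)));
    }

    public static void Main()
    {
        Trace.Listeners.Add(new ConsoleTraceListener());

        // Constructed sample: a connection string that would otherwise be logged whole.
        string conn = "Server=db01;User Id=app;Password=Constructed-Example;";
        Trace.WriteLine(Scrub("Opening connection: " + conn));

        LogFailedLogon("alice", "192.0.2.10");
    }
}
```

Scrubbing is a backstop for values that arrive inside larger strings such as connection strings or query strings. The primary fix is still to keep the secret out of the logging call, as `LogFailedLogon` does.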
