How do I instrument my application for security?

From Guidance Share


J.D. Meier, Prashant Bansode, Alex Mackman

Answer

To instrument your application for security, first understand the security-critical events that are logged by default. Then analyze the standard security events that are available but not logged by default, and decide whether you need to log them. Additionally, create custom events to instrument application-specific security events. Tracking security-related events is very important for detecting attacks on the application and for retracing what happened if the application is compromised. Instrumenting your application for security is a three-step process:

  • Identify all the events that are logged by default. The ASP.NET health monitoring system is configured to report all security-related error events (WebFailureAuditEvent and its descendants) and all infrastructure-related error events (WebBaseErrorEvent and its descendants) to the Windows event log. It monitors all Forms Authentication, Authorization, and ViewState failure events, and also monitors application error events.
  • There are a number of important security events that are available with health monitoring by default but are not logged. These events can be used to detect potential attacks on your application. Review the events and identify the ones that your application needs to monitor. These include lifetime events, Forms Authentication success events, Authorization success events, and Web heartbeat events.
  • In addition to the standard events, you need to monitor other important security events specific to your application. These events can improve your ability to detect and understand attacks on your application. You can create custom events to monitor more authorization-specific events, session management events, user management events, and any application-specific critical operations.
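
The third step, sketched as an added example that is not code from the original page or from the How To it cites: a custom success-audit event for a user management operation, with the Web.config mapping that routes it to the event log shown in the trailing comments. The class name RoleGrantedEvent, its fields, the mapping and rule names, and the assembly name MyApp.Security are assumptions.

```csharp
using System.Web.Management;

// Hypothetical custom event: records a successful role grant (a user
// management event). The class name, fields and assembly are assumptions.
public class RoleGrantedEvent : WebSuccessAuditEvent
{
    // Custom event codes start at WebEventCodes.WebExtendedBase.
    public const int Code = WebEventCodes.WebExtendedBase + 1;

    private readonly string targetUser;
    private readonly string role;

    public RoleGrantedEvent(object source, string targetUser, string role)
        : base("Role granted", source, Code)
    {
        this.targetUser = targetUser;
        this.role = role;
    }

    // Appends application-specific fields to the record the provider writes.
    public override void FormatCustomEventDetails(WebEventFormatter formatter)
    {
        base.FormatCustomEventDetails(formatter);
        formatter.AppendLine("Target user: " + Clean(targetUser));
        formatter.AppendLine("Role: " + Clean(role));
    }

    // Replace CR/LF so a user-supplied value cannot forge extra log lines.
    private static string Clean(string value)
    {
        return (value ?? string.Empty).Replace('\r', ' ').Replace('\n', ' ');
    }
}

// Raise it at the point where the operation succeeds:
//     new RoleGrantedEvent(this, userName, roleName).Raise();
//
// Web.config, inside <system.web>; success audits need an explicit rule:
//   <healthMonitoring enabled="true">
//     <eventMappings>
//       <add name="Role Grants" type="RoleGrantedEvent, MyApp.Security" />
//     </eventMappings>
//     <rules>
//       <add name="Role Grants To Event Log" eventName="Role Grants"
//            provider="EventLogProvider" profile="Default" />
//     </rules>
//   </healthMonitoring>
```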

More Information

For more information on instrumenting your application for security, see “How To: Instrument ASP.NET 2.0 Applications for Security” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000016.asp
