Logging Cheat Sheet - OWASP - 0 views
-
Legal and other opt-ins
-
kuni katsuya on 21 Sep 12terms & conditions acceptance, license transfers, etc
-
-
Data changes
-
-
Event attributes
- ...35 more annotations...
-
Log date and time
-
Event date and time
-
Application identifier
-
-
Application address
-
-
User identity
-
-
Type of event
-
Severity of event
-
Description
-
-
Action
-
eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
-
-
original intended purpose of the request
-
Object
-
-
affected component
-
Result status
-
-
Reason
-
-
Extended details
-
Data to exclude
-
Access tokens
-
Session identification values
-
Sensitive personal data
-
passwords
-
Database connection strings
-
Encryption keys
-
payment
-
Information a user has opted out of collection
-
Synchronize time across all servers and devices
-
Input validation failures
-
Which events to log
-
proportional to the information security risks
-
Always log:
-
Authentication successes and failures
-
Authorization failures
-
Session management failures
-
Application errors and system events
-
Application and related systems start-ups and shut-downs
-
Use of higher-risk functionality