Security Logging and Monitoring Failures

Logging is a vital part of a development lifecycle to help identify runtime behavior and events. Unfortunately it is easy to provide insufficient or dangerous logs that an attacker could manipulate or expose sensitive information.

I propose writing a case study delving into the various security vulnerabilities involved with logging. These include improper output validation, insufficient logging, exposing secrets, and log injection.

References:

- [CWE-117](https://cwe.mitre.org/data/definitions/117.html)
- [CWE-223](https://cwe.mitre.org/data/definitions/223.html)
- [CWE-532](https://cwe.mitre.org/data/definitions/532.html)
- [CWE-778](https://cwe.mitre.org/data/definitions/778.html)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Logging and Monitoring Failures #12

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Logging and Monitoring Failures #12

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions