[Owasp-appsensor-project] Additional Detection Points - Violation of Security Log Integrity

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:27:28 EDT 2010


Suggestion to add a new detection point.  Has this already been ruled
out?  Should it be added?  Is the description/categorization suitable?

Source
-----------------------------------
Just another idea - this one requires some thought by developers of
how to prevent and detect changes to logs (file, database, etc).

Description
-----------------------------------
Security or audit log tampering detected.

Suggested categorization
-----------------------------------
Create a new category called "Integrity" in Signature Based Events
IN1 Violation of Security Log Integrity

*** Might want to put proposed additional detection point IE4 in this
category as well, instead of in Input? ***


More information about the Owasp-appsensor-project mailing list