[Owasp-appsensor-project] Additional Detection Points - Violation of Security Log Integrity

John Melton jtmelton at gmail.com
Wed Jun 9 10:29:55 EDT 2010


Is this presumably to catch log forging attempts?

On Wed, Jun 9, 2010 at 10:27 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Suggestion to add a new detection point.  Has this already been ruled
> out?  Should it be added?  Is the description/categorization suitable?
>
> Source
> -----------------------------------
> Just another idea - this one requires some thought by developers of
> how to prevent and detect changes to logs (file, database, etc).
>
> Description
> -----------------------------------
> Security or audit log tampering detected.
>
> Suggested categorization
> -----------------------------------
> Create a new category called "Integrity" in Signature Based Events
> IN1 Violation of Security Log Integrity
>
> *** Might want to put proposed additional detection point IE4 in this
> category as well, instead of in Input? ***
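One way an application could raise the proposed IN1 event, covering both edited entries and the forged entries asked about in the reply. This is an added example, not part of the original thread and not AppSensor code. The HMAC hash chain, the `append`/`verify` names, the externally stored `head` value and the demo key are all assumptions.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value (constructed for this example)

def _tag(key, prev_tag, seq, msg):
    # Each tag covers the previous tag, the position, and the message text.
    data = prev_tag + seq.to_bytes(8, "big") + msg.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).digest()

def append(log, key, msg):
    """Append an entry and return the new head (count, last tag)."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"seq": len(log), "msg": msg}
    entry["tag"] = _tag(key, prev, entry["seq"], msg)
    log.append(entry)
    return (len(log), entry["tag"])

def verify(log, key, head=None):
    """Return a list of (detection_point, position, reason); empty if intact.

    head is the (count, last tag) pair returned by append(), kept outside
    the log store so that truncation of the tail is also detectable.
    """
    prev = GENESIS
    for pos, entry in enumerate(log):
        if entry.get("seq") != pos:
            return [("IN1", pos, "entry missing or reordered")]
        expected = _tag(key, prev, pos, entry["msg"])
        if not hmac.compare_digest(expected, entry.get("tag", b"")):
            return [("IN1", pos, "entry modified or forged")]
        prev = entry["tag"]
    if head is not None and (len(log), prev) != head:
        return [("IN1", len(log), "log truncated or head mismatch")]
    return []

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by the logger, not stored with the log
    log, head = [], None
    for line in ("login ok user=alice", "role change user=bob", "logout user=alice"):
        head = append(log, key, line)  # constructed sample entries
    log[1]["msg"] = "role change user=mallory"  # simulated tampering
    print(verify(log, key, head))
```

Verification stops at the first broken link because every later tag depends on it. Without the separately stored `head`, removal of trailing entries goes undetected.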

