[Owasp-appsensor-project] Additional Detection Points - Violation of Security Log Integrity

Colin Watson colin.watson at owasp.org
Wed Jun 9 10:39:56 EDT 2010


John

On 9 June 2010 15:29, John Melton <jtmelton at gmail.com> wrote:
> is this presumably to catch log forging attempts?

Yes preventing insertion of entries and corruption of the log, but
also prevention of record deletion and detection of changes to log
entries.  AppSensor will rely on the accuracy of "log" data to make
decisions when thresholds are reached, and therefore I thought
protecting this source data is important - a bit of self-protection.

Colin


More information about the Owasp-appsensor-project mailing list