[Owasp-appsensor-project] Additional Detection Points - Violation of Security Log Integrity

John Melton jtmelton at gmail.com
Wed Jun 9 21:52:10 EDT 2010


+1 for me

On Wed, Jun 9, 2010 at 10:39 AM, Colin Watson <colin.watson at owasp.org> wrote:
> John
>
> On 9 June 2010 15:29, John Melton <jtmelton at gmail.com> wrote:
>> is this presumably to catch log forging attempts?
>
> Yes preventing insertion of entries and corruption of the log, but
> also prevention of record deletion and detection of changes to log
> entries.  AppSensor will rely on the accuracy of "log" data to make
> decisions when thresholds are reached, and therefore I thought
> protecting this source data is important - a bit of self-protection.
>
> Colin
>


More information about the Owasp-appsensor-project mailing list