[GPC] OWASP Logging Project - Added "tools and use cases"

Marc Chisinevski mchisinevski at yahoo.com
Fri Aug 7 09:59:25 EDT 2009



Hello,


Copying people whose projects I referenced  on the OWASP Logging Project page at http://www.owasp.org/index.php/Category:OWASP_Logging_Project.

Please have a look and send me your comments.

These projects are: OWASP ESAPI, OWASP Orizon, OWASP Yasca and OSSIM.


Thanks and kind regards,
Marc Chisinevski





--- On Fri, 8/7/09, Brad Causey <bradcausey at gmail.com> wrote:

> From: Brad Causey <bradcausey at gmail.com>
> Subject: Re: [GPC] OWASP Logging Project - Added "tools and use cases"
> To: "Marc Chisinevski" <mchisinevski at yahoo.com>
> Cc: global-projects-committee at lists.owasp.org
> Date: Friday, August 7, 2009, 4:37 PM
> Marc,
> 
> Great stuff! I'm excited to see how this project
> progresses.
> 
> 
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
> 
> http://www.owasp.org
> --
> Never underestimate the time, expense, and effort an
> opponent will expend to break a code. (Robert Morris)
> 
> 
> --
> 
> 
> 
> On Fri, Aug 7, 2009 at 8:22 AM,
> Marc Chisinevski <mchisinevski at yahoo.com>
> wrote:
> 
> 
> 
> 
> 
> 
> Hello,
> 
> 
> 
> 
> 
> 
> 
> As suggested by Brad, I've added "Existing tools
> and use cases" to the main page of the Logging Project
> at http://www.owasp.org/index.php/Category:OWASP_Logging_Project.
> 
> 
> 
> 
> 
> 
> 
> I'm looking forward to receiving your comments.
> 
> 
> 
> 
> 
> 
> 
> Thanks and kind regards,
> 
> Marc Chisinevski
> 
> 
> 
> --- On Thu, 8/6/09, Brad Causey <bradcausey at gmail.com>
> wrote:
> 
> 
> 
> > From: Brad Causey <bradcausey at gmail.com>
> 
> > Subject: Re: [GPC] OWASP Logging Project
> 
> > To: "Marc Chisinevski" <mchisinevski at yahoo.com>
> 
> > Cc: global-projects-committee at lists.owasp.org
> 
> > Date: Thursday, August 6, 2009, 11:40 PM
> 
> > Marc,
> 
> >
> 
> > I think the project road map is great.  One thing I
> might
> 
> > suggest if you haven't done it on your side is to
> 
> > prioritize a bit. They are all such excellent ideas,
> where
> 
> > are you going to start?
> 
> >
> 
> > I think I'm confused about what the
> 
> > OWASP_Logging_Guide.pdf file is if the
> 
> > Owasp_Logging_Project_Roadmap.pdf file is the roadmap.
> They
> 
> > both seem to have the same title.
> 
> >
> 
> >
> 
> > I'm really digging the content though, and I
> think
> 
> > having a "case document" or something of the
> like
> 
> > is a great way to help techies get the project into
> the door
> 
> > at their company.
> 
> >
> 
> > Pulling from your page:
> 
> >
> 
> >
> 
> > <quote>
> 
> > Provide tools for software developers in order to help
> them
> 
> > define and provide meaningful logs
> 
> > Provide code audit tools to ensure that log
> 
> > messages are consistent and complete (content,
> format,
> 
> > timestamps)
> 
> > Facilitate the integration of logs from
> 
> > different sources
> 
> > Facilitate attack reconstruction
> 
> > Facilitate information sharing around
> 
> > security events</quote>These are really big
> 
> > statements and have pretty far-reaching and broad
> 
> > implications. Would you mind further defining them as
> you
> 
> > make progress? I guess my thought is that your first
> item
> 
> > alone, Provide tools for software developers in order
> to
> 
> > help them define and provide meaningful logs, is a
> huge
> 
> > undertaking in itself. Are you going to provide an
> acutal
> 
> > tool? If so what will it do? Will it be a document or
> guide
> 
> > about what/how/when to log? That kind of stuff.
> I'm not
> 
> > asking for answers to those questions, but these might
> be
> 
> > good things to define before getting too far along.
> 
> >
> 
> >
> 
> > So if you've already done all of this, please
> 
> > disregard. Hopefully this is helpful, and more of my
> 
> > personal opinion than anything. Thoughts?
> 
> >
> 
> >
> 
> >
> 
> >
> 
> > -Brad Causey
> 
> > CISSP, MCSE, C|EH, CIFI, CGSP
> 
> >
> 
> >
> 
> >
> 
> > http://www.owasp.org
> 
> > --
> 
> > Never underestimate the time, expense, and effort an
> 
> > opponent will expend to break a code. (Robert Morris)
> 
> > --
> 
> >
> 
> >
> 
> >
> 
> > On Thu, Aug 6, 2009 at 9:21 AM,
> 
> > Marc Chisinevski <mchisinevski at yahoo.com>
> 
> > wrote:
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >   Hello,
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >   Could you please have a look at
> 
> >
> 
> >   http://www.owasp.org/index.php/Category:OWASP_Logging_Project
> 
> >
> 
> >  and tell me what you think ?
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >   I've made some updates (Main, Project
> 
> > identification, Project Roadmap, my user profile).
> 
> >
> 
> >
> 
> >
> 
> >   I'll also try yo find/create another project
> logo
> 
> > (more related to
> 
> >
> 
> >   the current goals and subprojects).
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >   Thanks, Marc
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> >
> 
> > _______________________________________________
> 
> >
> 
> > Global-projects-committee mailing list
> 
> >
> 
> > Global-projects-committee at lists.owasp.org
> 
> >
> 
> > https://lists.owasp.org/mailman/listinfo/global-projects-committee
> 
> >
> 
> >
> 
> >
> 
> >
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 


      


More information about the Global-projects-committee mailing list