[Owasp-alabama] Last login from in a web app

owasp-alabama at lists.owasp.org
Mon Oct 3 11:11:20 EDT 2011


"Official verbiage"? I dunno about that, but I have implemented this in most of my web apps, and these are the reasons that I cite. I'm sure they will inspire a great deal of debate, but my policy is to log whatever I can in a secure system, as it's very beneficial for forensics later if needed. This, in conjunction with the IP logs of a given provider, is a key element in a successful identification of the intruder. If you cannot prove it was them, and link to the physical device (MAC), you will be hard pressed to actually punish someone. Simply using the web server access logs is not sufficient in many cases, as they don't reflect "intent" to infiltrate, only that they accessed. Any competent lawyer can claim a virus, bot or web redirect made the access and it wasn't the user.

1 - Tracking the last logged-in IP in a log is clearly valuable in the case of a compromised account; then you know more clearly what IP'd system made the access, instead of just assuming it's the person with the password.

2 - Displaying it to the end user provides 2 benefits:
	a) lets nitwits know that you are tracking, and "can" make them think twice before being stupid
	b) shows users where the last access was from, and if they know about the network they can identify that someone else may have used the account

my 2.5 cents.

chris


On Oct 3, 2011, at 9:55 AM, owasp-alabama at lists.owasp.org wrote:

> Hey there
> 
> While wrapping up a web application assessment [portal with sensitive
> PII/PHI] for my employer, I am all of a sudden stuck as to how to produce
> text for reasons/arguments to augment one of the recommendations in
> the report: "The last login from". Once a user logs in, she/he is not
> presented with a way to see where-from/when they were last
> successfully authenticated to the portal.
> 
> Apart from the reason that it adds more awareness for the portal user
> of their activity in the portal, is there any official documentation
> out there or verbiage that will make the business case for developing
> it? On the admin side of the portal, there is such reporting for the
> admins.
> 
> This might be an unusual non-technical question, but thanks in advance... :)
> 
> cheers!
> -S
> _______________________________________________
> Owasp-alabama mailing list
> Owasp-alabama at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-alabama
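The two halves of the recommendation discussed in this thread (record the source of every successful login for later forensics, and show the user the previous login so an unfamiliar time or address stands out) are small to implement. The following is an added example written for this archive page, not code from either poster; the in-memory `LoginHistory` store, the `client_ip` helper and the sample IP addresses are constructed for illustration, and a real app would back the store with an append-only audit table.

```python
"""Record successful logins and show the user the previous one.

Added example for the OWASP Alabama thread above; names, the in-memory
store and the sample values below are constructed, not from the thread.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LoginRecord:
    username: str
    when: datetime          # always timezone-aware UTC
    ip: str                 # validated client address
    user_agent: str         # truncated; useful for forensics, not for identity


class LoginHistory:
    """Stand-in for an append-only audit table (constructed for the example)."""

    def __init__(self) -> None:
        self._records: Dict[str, List[LoginRecord]] = {}

    def record_login(self, username: str, ip: str, user_agent: str,
                     when_iso: Optional[str] = None) -> LoginRecord:
        # Reject junk before it reaches the log; an attacker-controlled
        # header must not be able to poison the audit trail.
        ipaddress.ip_address(ip)  # raises ValueError on anything but an IP
        when = (datetime.fromisoformat(when_iso) if when_iso
                else datetime.now(timezone.utc))
        rec = LoginRecord(username, when, ip, (user_agent or "")[:256])
        self._records.setdefault(username, []).append(rec)
        return rec

    def previous_login(self, username: str) -> Optional[LoginRecord]:
        """The login before the current (most recent) one, or None."""
        recs = self._records.get(username, [])
        return recs[-2] if len(recs) >= 2 else None


def client_ip(remote_addr: str, x_forwarded_for: Optional[str] = None,
              trusted_proxy: bool = False) -> str:
    """Only honour X-Forwarded-For when the app sits behind a proxy it trusts;
    otherwise the header is user-supplied and the logged IP would be worthless."""
    if trusted_proxy and x_forwarded_for:
        return x_forwarded_for.split(",")[0].strip()
    return remote_addr


def last_login_banner(history: LoginHistory, username: str) -> str:
    """Text shown to the user right after a successful login."""
    prev = history.previous_login(username)
    if prev is None:
        return "This is the first recorded login for this account."
    return f"Last login: {prev.when.strftime('%Y-%m-%d %H:%M UTC')} from {prev.ip}"


def ip_changed(history: LoginHistory, username: str) -> bool:
    """True when the current login came from a different address than the
    previous one; a cheap hint for the user (or for alerting)."""
    recs = history._records.get(username, [])
    return len(recs) >= 2 and recs[-1].ip != recs[-2].ip


def demo() -> str:
    """Two constructed logins for one account, then the banner the second sees."""
    h = LoginHistory()
    h.record_login("alice", "203.0.113.10", "Mozilla/5.0",
                   when_iso="2011-10-03T09:55:00+00:00")
    h.record_login("alice", "198.51.100.7", "curl/7.21",
                   when_iso="2011-10-03T11:11:00+00:00")
    return last_login_banner(h, "alice")


if __name__ == "__main__":
    print(demo())
```

The record is written only after authentication succeeds, so a failed-password flood cannot fill the table under a victim's name; failed attempts belong in a separate log. Whether to show the raw IP or a coarser "city/ISP" label is a usability call, but the full value should always be in the audit record.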
