[Owasp-alabama] [Owasp-Atlanta] Last login from in a web app

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Tue Oct 18 16:32:57 EDT 2011


If no one has answered this, I will provide my .02.  No, there is no formal
guidance, specific to OWASP or WASC that relates specifically to this as a
security countermeasure (or rather reactive control), but here are some
value-adds that may be articulated around it:

- Trending: metrics around user usage can be trended and aggregated in order
to identify anomalies in login patterns.  Be wary that this alone should be
a criteria for affecting things like authentication or authorization but
provides intel on source of use.
- Logging: this piece of information can be correlated to other 'events' in
order to fulfill a user profile that is comprised of several other usage
stats (most visited areas of site, etc).  This may lend to both IT and IS
initiatives which I won't mention here.
- Need to look at the privacy implications of this.  Alone, info is
worthless.  In conjunction with other pieces of data, there may be a case
for privacy.  Look at ingredients that factor in using NIST 800-122 pub.
- If you do go the security route where alerting can be made off of
variances in user profile requests, be wary that such logic is not judged by
the app in isolation but with other contextual pieces of info.


Hope this helps.

Tony UV
Atlanta Chapter Lead
@versprite
On Mon, Oct 3, 2011 at 10:55 AM, secsec sensen <secure.sen at gmail.com> wrote:

> Hey there
>
> While wrapping up a web application assessment [portal with sensitive
> PII/PHI ] for my employer; I am all the sudden stuck as to produce
> text for reasons/arguments to augment one of the recommendations in
> the report: "The last login from", Once a user logs in, she/he is not
> presented with a way to see where-from/when they were last
> successfully authenticated to the portal.
>
> Apart from the reason that it adds more awareness to the portal user
> on their activity in the portal, are there any official documentation
> out there or verbiage that will make the business case for developing
> it. on the admin side of the portal, there is such reporting for the
> admins.
>
> this might be an unusual non-technical question, but thanks in advance...
> :)
>
> cheers!
> -S
> _______________________________________________
> Owasp-Atlanta mailing list
> Owasp-Atlanta at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-atlanta
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-alabama/attachments/20111018/8d4bed1d/attachment.html 


More information about the Owasp-alabama mailing list