From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000097
Associated with: CCI-000132
It is impossible to establish, correlate, and investigate the events relating to an incident if the details regarding the source of the event it not available.
Review application administration and/or design documents. Identify key aspects of application architecture objects and components, e.g., Web Server, Application server, Database server. Interview the application administrator and identify the log locations. Access the application logs and review the log entries for events that indicate the application is auditing the internal components, objects, or functions of the application. Confirm the event logs provide information as to which component, feature, or functionality of the application triggered the event. Examples of the types of events to look for are as follows: - Application and Protocol events. e.g., Application loads or unloads and Protocol use. - Data Access events. e.g., Database connections. Events could include reference to database library or executable initiating connectivity: - Middleware events. e.g., Source code initiating calls or being invoked. - Name of application modules being loaded or unloaded. - Library loads and unloads. - Application deployment activity. Events written into the log must be able to be traced back to the originating component, feature or function name, service name, application name, library name etcetera in order to establish which aspect of the application triggered the event. If the audit logs do not contain enough data in the logs to establish which component, feature or functionality of the application triggered the event, this is a finding.
Configure the application to log which component, feature or functionality of the application triggered the event.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer