Updated on July 4, 2016
For a copy of the slide deck for this presentation, see my follow-up post, OWASP Security Logging Project Presentation – Slide Deck.
On Thursday, June 30, 2016, at 4:15pm, I am presenting a Lightning Training Session, How to Use OWASP Security Logging, with August Detlefsen and Sytze van Koningsveld. The training session will be a mixed format of presentation with hands-on lab exercises.
Attendees will learn about the OWASP Security Logging Project, its background and why we need security logging, its benefits, how to include it in new projects, how to upgrade your legacy projects, and much more. In the session we cover each feature and answer audience questions. Bring your laptop and participate in our exercises. Learn first-hand how to apply security logging to your projects.
So why would you be interested in our logging project? A brief rundown of the benefits:
Diagnostics/Forensics, for problem determination it is often useful to have a history of system state recorded in logs that you can refer to when there are problems. Security logging provides some features that log command line arguments, system environment variables, and Java system properties on startup. Security logging also provides an interval logging feature to log key system and user-specified metrics every 15 seconds. SIEM tools can be integrated to alert on memory problems, etc.
Security Focus, door open/closed, user logged in/out, resource allocation, information classification of log messages, a desirable feature for government agencies or government contractors
Compliance, sign log messages, log messages remotely, discourage tampering
Automation Across Several Use-Cases, the project provides automation benefits for standalone or desktop applications as well as up the application stack, like Servlets/J2EE. For example, in the application layer it provides facilities to pull the user id from the HttpSession and insert it into the log4j/logback Mapped Diagnostic Context (MDC) so that users can easily correlate every log message with the current user that’s logged into the system.
Support for Popular Platforms, are you using Java logging, log4j, log4j 2, or logback? If so, you’re ready to go since security logging is written to the SLF4J logging interface.
Large Base of Developer Knowledge, security logging is compatible with popular loggers so you can get running quickly.
Legacy Support, security logging includes support to capture streams from your old console logging applications (e.g., System.out/System.err). Alternatively, you may have old commercial code that logs to consoles where you don’t have the source code. In these use cases there are some benefits to intercepting these streams and redirecting them to security logging. You will not realize the full benefits of native logging (e.g., logger inheritance); however, you still receive some ancillary benefits like remote logging, the ability to mark messages with an information classification, etc.
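The user id correlation described under Automation Across Several Use-Cases can be sketched as a servlet filter. This is an added example, not code from the OWASP Security Logging project; the class name, the `userId` session attribute and the MDC key are assumptions, and only the standard `javax.servlet` and SLF4J `MDC` APIs are used.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.MDC;

// Illustrative filter, not the OWASP Security Logging project's own class.
public class UserIdMdcFilter implements Filter {
    // Assumption: the application stores the authenticated user id in the
    // session under this attribute name at login.
    static final String SESSION_ATTR = "userId";
    static final String MDC_KEY = "userId";
    static final int MAX_LEN = 64;

    // Replace control characters (including CR/LF) and cap the length so a
    // hostile user id cannot forge or split log lines.
    static String sanitize(Object raw) {
        if (raw == null) return "anonymous";
        String s = raw.toString().replaceAll("\\p{Cntrl}", "_");
        return s.length() > MAX_LEN ? s.substring(0, MAX_LEN) : s;
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getSession(false): never create a session just to log.
        HttpSession session = (req instanceof HttpServletRequest)
                ? ((HttpServletRequest) req).getSession(false) : null;
        Object userId = (session != null) ? session.getAttribute(SESSION_ATTR) : null;
        MDC.put(MDC_KEY, sanitize(userId));
        try {
            chain.doFilter(req, res);
        } finally {
            // Container threads are pooled; clear the key so the next request
            // on this thread does not inherit this user's identity.
            MDC.remove(MDC_KEY);
        }
    }

    @Override
    public void destroy() { }
}
```

With logback or log4j, adding `%X{userId}` to the appender pattern prints the value on every log line written during the request.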
There is a lot to cover with the platform. Hope to see you in Rome at our session; seats are filling up fast, so register quickly. Usually OWASP provides the session content after the conference, so if you can’t attend you still have an opportunity to learn more about the platform.
Wiki, OWASP Security Logging Project
Lightning Training Presentation, How to Use Security Logging Presentation
GitHub Project Site, OWASP Security Logging code