John Melton

Just wanted to point out ESAPI has thought about logging and event/intrusion detection - http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API, and the AppSensor project is intended to provide more extensive event/intrusion detection at the application layer that can be a drop-in replacement for the default ESAPI version - http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project


I have most often used the ESAPI Javadocs as the best guide for application security logging. But this new paper is very helpful. Perhaps the paper doesn't include the concept above of logging extended information about certain events. For example, we may not have a username, only an IP address/client fingerprint. And the request headers and/or response content may be helpful for subsequent analysis.

Writing application logging requirements into specifications can lead to more security being built in: if you need to log it (and thus deliver software that meets the spec), you have to be able to identify the event occurring.

John's mention of OWASP AppSensor is also timely as I'm trying to work up a logging/event syndication format for AppSensor events.