Lesson 14 - OWASP Top 10 2017 - A10:2017-Insufficient Logging & Monitoring

AppSec Starter is a basic application security awareness training used for onboarding new developers. It is not intended to cover advanced or hands-on topics. Conviso has customized training and practical training platforms.

Training recorded by Nicolas Schmaltz. Copyright reserved by Conviso Application Security S/A.

Lesson 14 Contents:

Insufficient logging and monitoring, together with non-existent or insufficient incident response, allows attackers to persistently abuse the system, use it as a stepping stone to attack other systems, and alter, extract or destroy data. Some studies show that the time required to detect a data breach is over 200 days, and that breaches are typically detected by external entities rather than by internal processes or monitoring.