Threat Analysis

In this video, Pedro Silva will explain insufficient logging and monitoring. Watch why these underlie almost every major security incident.
Welcome to the Insufficient Logging and Monitoring session. In this first part, we will focus on threat analysis. We will first discuss what insufficient logging and monitoring is and then how the system can be harmed, the impact of successful exploitation, and give you some insights to identify who may want to harm your system. Insufficient logging and monitoring is the bedrock of nearly every major incident, allowing attackers’ activity to pass unnoticed. In 2016, identifying a breach took an average of 191 days, plenty of time for damage to be inflicted.
And we are not doing better: in 2019, this number grew to 206 days, plus seventy-three days average to contain a breach. We are talking about 279 days total. You should consider that any of the other OWASP Top 10 risks and associated vulnerabilities may be used as attack vectors. Attackers do not exploit insufficient logging and monitoring directly. They go after other vulnerabilities an application may have, and take advantage of insufficient logging and monitoring to pass unnoticed and make their attack last longer until the organization is capable of mitigating it. Improper logging and monitoring leads to longer incident response times, preventing organizations from reacting in a timely fashion.
When the logs do not include sufficient details allowing the organization to understand the extent of attackers’ activity, then there’s a loss of accountability. The losses are obvious and they have been reported in the news. Beyond the damage caused by attackers’ activity, organizations may also be subject to fines according to applicable law and regulations. Malicious actors do not directly exploit insufficient logging and monitoring, but it makes their activities unnoticed or at least harder to detect and track. Anyone to whom your system’s data is valuable may target your application to get unauthorized access or even control of the system. Reviewing the threat analysis part of previous sessions may help you identify who may want to harm your system. You should think about it broadly.
Depending on your system’s nature, foreign nations may be a threat agent. On the other hand, you have non-target-specific threat agents looking for ransom, employees and contractors, terrorists and activists, and organized crime. You’ll find this table in OWASP Top 10. Pause the video and take your time to carefully read it. In the next part, we will demonstrate how attackers take advantage of insufficient logging and monitoring, while perpetrating a credential stuffing attack on our target application.

In this video, you will learn about the final threat in the course: insufficient logging and monitoring.

In this final section of the course, you will learn about the importance of system logging and monitoring. Insufficient logging and monitoring underlie almost every major security incident in some way.

Reflect and share: Are you aware of the monitoring and logging parameters of your system? Share what your parameters are or what you think they should be.

This article is from the free online

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Created by
FutureLearn - Learning For Life
