Security logging

Security logging is one of the most important tools you have when it comes to detecting breaches and active attacks. Read on to learn exactly what it entails, what log injection is, and to try out a related exercise on the Avatao platform.

Try a security logging exercise
security logging

The purpose of security logging

The goal of malicious attackers these days is to stay under the radar for as long as possible in order to extract information, perform lateral movement, alter system configurations, install malicious software, or simply cause fiscal damage.

To thwart these bad actors, active monitoring and logging of suspicious activity – such as failed logins and warning or error messages – is critical. These logs can serve as the main building blocks in later forensics analysis if needed, or can be fed into intrusion detection systems.

Log injection attacks

Security logging must be properly tuned to avoid log injection attacks.

What is log injection and what are its consequences?

Unvalidated user inputs from untrusted sources may alter log entries to hide the presence of attacks or trigger other types of attacks such as XSS. This is called log injection.

Get started with secure coding training today

Reach out to our team to learn more about Avatao, and find out how we can help your company scale secure coding training efficiently.
Get in touch
avatao

Follow us

Copyright © 2022 Avatao

Secure coding training

For managers

For developers

Compliance training

Capture The Flag

Why Avatao?

Platform features

Content we cover

Pricing

Resources

Blog

Customer stories

Ebooks and guides

FAQ

Company

Our story

Company culture

Careers

Internship at Avatao

About

Investors & Partners

Terms of Service & Privacy Policy

Vulnerability Disclosure Policy

Contact us