Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP Logging Project Presentation by Marc Chisinevski.

Published byRudolph Cobb Modified over 9 years ago

Similar presentations

Presentation on theme: "OWASP Logging Project Presentation by Marc Chisinevski."— Presentation transcript:

1 OWASP Logging Project Presentation by Marc Chisinevski

2 Objectives of this presentation Explain the goals of the OWASP Logging Project Discuss how to integrate application logs into a Security Information Management system (SIM). Live demo 1. Discuss SIM common issues and present a multidimensional solution prototype. Live demo 2.

3 Goals of the OWASP Logging Project 1) Provide tools for software developers in order to help them define and provide meaningful logs. 2) Provide code audit tools to ensure that log messages are consistent and complete (content, format, timestamps). 3) Integrating application logs into a Security Information Management configuration. 4)Facilitate attack reconstruction. 5) Facilitate information sharing around security events.

4 1) Provide tools for software developers in order to help them define and provide meaningful logs IDE integration: auto-completion templates logging policy definition support.

5 IDE (Integrated Development Environment) Templates can provide checks/hints/defaults. Examples defined by the OWASP Enterprise Security API: - hashed value of the session ID, identity of the user that caused the event, description of the event (supplied by the caller) - whether the event succeeded or failed (indicated by the caller), severity level of the event (indicated by the caller) - that this is a security relevant event (indicated by the caller) - hostname or IP where the event occurred (and ideally the user's source IP as well), a time stamp

6 2) Provide code audit tools to ensure that log messages are consistent and complete Code audit tools s.a. OWASP yasca can be easily adapted in order to ensure that: - logging standards are respected - and log messages are consistent and complete (content, format, timestamps).

7 3) Integrating application logs into a Security Information Management configuration OSSIM (http://www.ossim.net/)http://www.ossim.net/ has numerous plugins for parsing: webserver, appserver, WAF, IPS, IDS logs and generating/storing events in its standard format.

8 Adding a plugin for parsing custom application logs is as easy as finding the correct regular expression provided that: - developers included all relevant information in the log message - and that they have done so in a consistent way.

9 Current problems Difficult to obtain relevant views of consolidated data Examples: Alarms concerning Client1 in December Alarms in Datacenter1 in January Difficult to calculate indicators Example: Annual Loss Expectancy for Asset1

10 Current problems Difficult to compare with historical data Performance issues

11 Live Demo 1 - Ossim A « click and play » virtual appliance containing a full OSSIM installation is provided

12 OSSIM executive dashboard

13 Current day details from the previous Executive Dashboard: very technical information, clearly not useful for CFO/CEOs, with all due respect

14 Functional benefits of a multidimensional solution Presenting risk assessments and safeguard cost- effectiveness scenarios to CFO/CEO Different views: Client, Asset, Data Center, Time Indicators: Loss Expectancy, Risk …

15 Functional benefits of the multidimensional solution Aggregation levels are clearly defined: Raw data: Event, Server Consolidated data: Alarm, Asset, Client, Data Center, Time, Geography

16 Technical benefits of the multidimensional solution Reporting queries no longer run on the production SIM database Drill-down, roll-up, slice without writing SQL Integrate data from different sources

17 Live Demo 2 - Multidimensional solution Essbase example

18 Essbase outlines

19

20 Demo data feed

21 Asset view Data Center view

22 Client view

23 Questions

24 Acknowledgments OSSIM team Wojtek Janeczek, friend and multidimensional DB expert

25 Thank you!

Download ppt "OWASP Logging Project Presentation by Marc Chisinevski."

Similar presentations

Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Design Validation CSCI 5801: Software Engineering.

Design Validation CSCI 5801: Software Engineering.
The Enterprise Business Center. #2 CyberSource Enterprise Business Center your payment processing dashboard ******** Log out security feature All tools.

The Enterprise Business Center. #2 CyberSource Enterprise Business Center your payment processing dashboard ******** Log out security feature All tools.
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Solving Automation Reporting Problems with Dream Report Renee Sikes Applications Engineer Dream Report Brand Manager.

Solving Automation Reporting Problems with Dream Report Renee Sikes Applications Engineer Dream Report Brand Manager.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.

Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
Hyperion EPM Overview & Case Study.

Hyperion EPM Overview & Case Study.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
Data Sources Data Warehouse Analysis Results Data visualisation Analytical tools OLAP Data Mining Overview of Business Intelligence Data visualisation.

Data Sources Data Warehouse Analysis Results Data visualisation Analytical tools OLAP Data Mining Overview of Business Intelligence Data visualisation.
eGovernance Under guidance of Dr. P.V. Kamesam IBM Research Lab New Delhi Ashish Gupta 3 rd Year B.Tech, Computer Science and Engg. IIT Delhi.

eGovernance Under guidance of Dr. P.V. Kamesam IBM Research Lab New Delhi Ashish Gupta 3 rd Year B.Tech, Computer Science and Engg. IIT Delhi.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
User Group 2015 Version 5 Features & Infrastructure Enhancements.

User Group 2015 Version 5 Features & Infrastructure Enhancements.
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.
Copyright © 2007 Quest Software The Changing Role of SQL Server DBA’s Bryan Oliver SQL Server Domain Expert Quest Software.

Copyright © 2007 Quest Software The Changing Role of SQL Server DBA’s Bryan Oliver SQL Server Domain Expert Quest Software.
Overview of Change Management ClearQuest Overview for CORUG January, 2008.

Overview of Change Management ClearQuest Overview for CORUG January, 2008.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
1//hw Cherniak Software Development Corporation ARM Features Presentation Alacrity Results Management (ARM) Major Feature Description.

1//hw Cherniak Software Development Corporation ARM Features Presentation Alacrity Results Management (ARM) Major Feature Description.

Similar presentations

Ads by Google