Secure Application Development
Home faculty program location registration subscribe related past events	Auditability and accountability Learning objectives understand what traceability good incident handling needs from an application, be familiar with some strategies for fulfilling this need. Overview When applications are compromised by attackers, often times the Computer Security Incident Response Team (CSIRT) organization is called in to assist in cleaning up the mess. A key concern of the CSIRT is to determine how the application was compromised as well as to assess the extent of the damage to the business that owns or operates the compromised application. Turning to the system's event logging is frequently the only course of action that can be taken after the compromise has occurred, making it particularly vital to ensure that all components of an application are logging the right information. This module describes the issues faced by the CSIRT and presents various recommendations for deciding how to build a robust event logging system.

Secure Application Development

Home
faculty
program
location
registration
subscribe
related
past events

Auditability and accountability

Learning objectives

understand what traceability good incident handling needs from an application,
be familiar with some strategies for fulfilling this need.

Overview

When applications are compromised by attackers, often times the Computer Security Incident Response Team (CSIRT) organization is called in to assist in cleaning up the mess. A key concern of the CSIRT is to determine how the application was compromised as well as to assess the extent of the damage to the business that owns or operates the compromised application. Turning to the system's event logging is frequently the only course of action that can be taken after the compromise has occurred, making it particularly vital to ensure that all components of an application are logging the right information.

This module describes the issues faced by the CSIRT and presents various recommendations for deciding how to build a robust event logging system.