Poor Man's Digital Forensics
Michal Špaček
Lead Web Developer
Slevomat.cz
www.michalspacek.cz @spazef0rze
Web Developers

http://example.com/products

I'm a web developer. I've been a web developer since, like, 2000. Web developers, you know, build web applications and web
applications run on the Internet and are using addresses just like this one above.

So Web Developers

http://example.com/product?id=123

The better of us also build web applications with addresses looking like this one. Such a web application displays a lot of
useful details about a product, or whatever info the developer of the application wants it to display.

Wow, Web Developers

http://example.com/product?id='+UNION+SELECT+1,2,3,4+#
SQL Injection Attack

The best of us web developers build applications which display a lot of useful details and also whatever the bad guy
wants the application to display. This is called the SQL Injection Attack. It has been responsible for some major information
leaks in the last few years and is caused by the developer not properly handling user input. It is pretty common, unfortunately.

Many Web Developers
http://example.com/products
http://example.com/product?id=123
http://example.com/product?id='+UNION+SELECT+1,2,3,4+#

So we are web developers, building web applications. The applications are different, of course, but there's one thing making
them all the same, at least from one particular point of view. The applications are viewed from web browsers making requests
to web servers. And guess what…

All the Internet
WEB SERVERS are writing access LOGS!

Yes! Exactly. Whenever there's a request coming from a browser no matter what information ends up being sent back to it, the
requested address is written down to the server access log. So later you can see what your users are looking for, if needed.

All the Internet
YOUR WEB APPLICATION should be writing application LOGS!

Just like the web server your application can also write logfiles. These files should contain more information and debugging
data because your application knows much more about the request than the server. It knows a lot about a user making the
request, what they want to buy and what was the result of charging their payment instrument.

Many Logs
● Disk s p a c e
● Logger performance
● Somebody has to read logs

Of course, logging is not easy. It's hard because logs take space and once your log files are too big there's no more room for
other data on the server and the server stops serving requests. The server has to perform well because it simply has more things
to do. Your hard drives need to perform well too. And the hardest part about logging is that somebody has to read the logs.

Be a Digital Forensics Guy
Search the logs for SELECT

BUT! If you have logs you can be a digital forensics guy, too! No, not the pro one, but good enough to detect a breach or data
leak. Just search the logs for some keywords and while you may get some false positives, you may also spot something.
Remember the SQL Injection Attack example? But please, don't modify the logs, the pros need them in their original state.
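
The keyword search from this slide, as an added example that is not part of the original deck: it reads an access log read-only, URL-decodes each requested address (including double encoding) and reports requests containing SQL keywords. The log format (Common/Combined Log Format), the keyword list, the function names and the sample lines are assumptions made for the example.

```python
import hashlib
import re
from urllib.parse import unquote_plus

# Assumed format: Common/Combined Log Format, as written by Apache and nginx by default.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Keywords taken from the slide's example URL; extend the list for your own application.
KEYWORDS = re.compile(r"\b(select|union)\b", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:10:01:02 +0100] "GET /products HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2013:10:01:09 +0100] "GET /product?id=123 HTTP/1.1" 200 2048
203.0.113.7 - - [12/Mar/2013:10:02:30 +0100] "GET /product?id=%27+UNION+SELECT+1,2,3,4+%23 HTTP/1.1" 200 913
198.51.100.23 - - [12/Mar/2013:10:03:11 +0100] "GET /products?q=select+your+size HTTP/1.1" 200 4410
203.0.113.7 - - [12/Mar/2013:10:04:45 +0100] "GET /product?id=1%2520UNION%2520%2553ELECT%25201 HTTP/1.1" 500 310
"""


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded keywords become visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_lines(lines):
    """Return (line_no, host, status, keywords) for every request worth a look."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not an access-log line in the assumed format
        hits = sorted({k.lower() for k in KEYWORDS.findall(decode(match["target"]))})
        if hits:
            findings.append((line_no, match["host"], match["status"], hits))
    return findings


def scan_file(path):
    """Open the log read-only and return (sha256 of the file, findings).

    The digest is recorded so it can be shown later that the log was not modified.
    """
    with open(path, "rb") as handle:
        data = handle.read()
    digest = hashlib.sha256(data).hexdigest()
    return digest, scan_lines(data.decode("utf-8", "replace").splitlines())


if __name__ == "__main__":
    for line_no, host, status, hits in scan_lines(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {host} status={status} keywords={','.join(hits)}")
```

Line 4 of the sample is a false positive of the kind the slide mentions: an ordinary search that happens to contain the word "select".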

Michal Špaček says
Write logs
Read logs
Before it's too late

Here's my advice. Write the logs. Read them as well. A lot of companies don't know they had their data leaked until they read it
on TechCrunch or Slashdot. That is way too late. Do something so that you're the first one to know that something went wrong.
The second one, actually. The first one is always the guy making off with your data.

Web Server Application Logs LTEC2013
