ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4792/recommended.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00

17 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

== Recommended Secure Coding Practices
* Check that your production deployment doesn't have its loggers in "debug" mode as it might write sensitive information in logs.
* Production logs should be stored in a secure location which is only accessible to system administrators.
* Configure the loggers to display all warnings, info and error messages. Write relevant information such as the precise time of events and the hostname.
* Choose log format which is easy to parse and process automatically. It is important to process logs rapidly in case of an attack so that the impact is known and limited.
* Check that the permissions of the log files are correct. If you index the logs in some other service, make sure that the transfer and the service are secure too.
* Add limits to the size of the logs and make sure that no user can fill the disk with logs. This can happen even when the user does not control the logged information. An attacker could just repeat a logged action many times.
Remember that configuring loggers properly doesn't make them bullet-proof. Here is a list of recommendations explaining on how to use your logs:
* Don't log any sensitive information. This obviously includes passwords and credit card numbers but also any personal information such as user names, locations, etc... Usually any information which is protected by law is good candidate for removal.
* Sanitize all user inputs before writing them in the logs. This includes checking its size, content, encoding, syntax, etc... As for any user input, validate using whitelists whenever possible. Enabling users to write what they want in your logs can have many impacts. It could for example use all your storage space or compromise your log indexing service.
* Log enough information to monitor suspicious activities and evaluate the impact an attacker might have on your systems. Register events such as failed logins, successful logins, server side input validation failures, access denials and any important transaction.
* Monitor the logs for any suspicious activity.
Reference in New Issue View Git Blame Copy Permalink