Uploaded image for project: 'XWiki Infrastructure'
  1. XWiki Infrastructure
  2. XINFRA-421

Improve documentation of application security logging

    XMLWordPrintable

Details

    • Unknown

    Description

      "In the log administration, there are about 2500 loggers, each with five log levels. However, it’s unclear what a specific logger actually logs when it’s configured."

      "There is no central exhaustive documentation of all the logs that exist right now (and there probably never will be)"

      Monitoring XWiki from a security perspective is not straightforward. From a security perspective (and, of course, privacy perspective), you need to have a clear understanding of what your logger configuration does.

      The OWASP Logging Vocabulary Cheat Sheet offers a standardized vocabulary for logging security-relevant events. It can also be seen as a list of key security events that should be logged.

      The Documentation Draft for Application Security Logging is designed to document the corresponding logger configuration in logback.xml for each event listed in the OWASP Logging Vocabulary Cheat Sheet.

      Attachments

        Activity

          People

            Unassigned Unassigned
            CycleSEC Sebastian Klipper
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: