The system must log the exact occurrence time
(date, hour, seconds, milliseconds, and time zone)
for each exceptional and security event.
Event logs must contain the exact time of occurrence
in order to allow backtracking in an investigation.
Once all the events to be logged are defined,
the system must be configured so that these logs
contain the date, hour, seconds, milliseconds and time zone
of the event occurrence.
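One way to meet this in a Python application, as an added example that is not part of the original requirement text: the formatter below writes each event with the date, time to the millisecond and an explicit UTC offset, and a small checker flags log lines whose timestamp lacks that detail. The logger name, message and sample lines are constructed for illustration, and the choice of ISO 8601 in UTC is an assumption of this example.

```python
import io
import logging
import re
from datetime import datetime, timezone


class UtcMillisFormatter(logging.Formatter):
    """Render %(asctime)s as ISO 8601 in UTC with milliseconds and offset."""

    def formatTime(self, record, datefmt=None):
        ts = datetime.fromtimestamp(record.created, tz=timezone.utc)
        return ts.isoformat(timespec="milliseconds")


# Date, time to the millisecond, and an explicit zone (Z or +hh:mm / -hh:mm).
FULL_TS = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}(?:Z|[+-]\d{2}:\d{2})\s"
)


def missing_time_detail(lines):
    """Return the lines whose leading timestamp lacks ms or a time zone."""
    return [ln for ln in lines if not FULL_TS.match(ln)]


def build_logger(stream, name="security-events"):  # hypothetical logger name
    handler = logging.StreamHandler(stream)
    handler.setFormatter(
        UtcMillisFormatter("%(asctime)s %(levelname)s %(name)s %(message)s")
    )
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def demo():
    buf = io.StringIO()
    log = build_logger(buf)
    log.warning("login failed user=alice src=192.0.2.10")  # constructed event
    emitted = buf.getvalue().splitlines()
    # Constructed samples: Python's default asctime style (local time, no zone)
    # and a line with an offset but only second precision.
    legacy = [
        "2020-05-04 12:34:56,789 WARNING auth login failed user=alice",
        "2020-05-04T12:34:56+00:00 WARNING auth login failed user=alice",
    ]
    return emitted, missing_time_detail(emitted + legacy)
```

Python's default `%(asctime)s` output is local time with no zone marker, which is why the first constructed sample is flagged.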
In a security incident scenario,
event time and duration cannot be clearly identified
due to the lack of detail in log records.
Layer: Application Layer
Type of Control: Procedure
CWE-778: Insufficient Logging.
When a security-critical event occurs,
the software either does not record the event or omits important details about
the event when logging it.
V1.7 Errors, Logging and Auditing Architectural Requirements (1.7.1).
Verify that a common logging format and approach is used across the system.
V7.1 Log Content Requirements (7.1.4).
Verify that each log event includes necessary information that would allow for
a detailed investigation of the timeline when an event happens.
V7.3 Log Protection Requirements (7.3.4).
Verify that time sources are synchronized to the correct time and time zone.
Strongly consider logging only in UTC if systems are global to assist with
post-incident forensic analysis.
Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.