R080. Prevent log modification

Requirement

System logs must not allow modifications or alterations.

Description

Logs are used to analyze a system's behavior. They help detect errors and suspicious activity, and often hold very sensitive information. Therefore, they should be protected so that no unauthorized actor can modify them, since such modifications could prevent a vulnerability or a breach from being noticed in time.
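One way to make modification detectable, as an added example that is not part of the original requirement text: each log entry carries an HMAC tag computed over the previous entry's tag plus the entry itself, so editing, inserting or removing an entry breaks the chain at that point. The key name, record layout and sample events are constructed for the illustration; tail truncation is only caught by comparing the last tag against a copy stored off the host, which is why the reference to centralized log backup matters.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample key: in a real deployment it lives in a KMS/HSM or on the
# central log server, never on the host whose logs it protects.
KEY = b"example-log-signing-key"
GENESIS = "0" * 64  # tag used as the "previous tag" of the first entry


def _entry_tag(key: bytes, prev_tag: str, record: dict) -> str:
    """HMAC over the previous tag and the canonical JSON form of the record."""
    payload = prev_tag.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append(log: list, record: dict, key: bytes = KEY) -> list:
    """Append a record, chaining its tag to the tag of the entry before it."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"record": record, "tag": _entry_tag(key, prev, record)})
    return log


def verify(log: list, key: bytes = KEY) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad entry.

    A modified, inserted or deleted entry makes the recomputed tag differ from
    the stored one at (or right after) the point of tampering.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _entry_tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return None


def tail_matches_anchor(log: list, anchor_tag: str) -> bool:
    """Detect truncation: the last tag must equal the tag stored off-host."""
    last = log[-1]["tag"] if log else GENESIS
    return hmac.compare_digest(last, anchor_tag)


if __name__ == "__main__":
    log = []
    for rec in ({"ts": 1, "event": "login"}, {"ts": 2, "event": "sudo"}):
        append(log, rec)
    anchor = log[-1]["tag"]          # would be shipped to the central log server
    print("intact:", verify(log) is None, tail_matches_anchor(log, anchor))
    log[0]["record"]["event"] = "noop"  # simulated tampering with entry 0
    print("first bad entry:", verify(log))
```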

References

  1. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

  2. CWE-285: Improper Authorization. The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

  3. ISO 27001:2013. Annex A - 12.4.2 Protect log facilities and information against unauthorized access and modification.

  4. OWASP Top 10 A5:2017-Broken Access Control. Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users' data, change access rights, etc.

  5. OWASP-ASVS v4.0.1 V7.3 Log Protection Requirements. (7.3.3) Verify that security logs are protected from unauthorized access and modification.

  6. PCI DSS v3.2.1 - Requirement 6.5.8 Address common coding vulnerabilities in software-development processes including improper access control (such as insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions).

  7. PCI DSS v3.2.1 - Requirement 10.5.2 Protect audit trail files from unauthorized modifications.

  8. PCI DSS v3.2.1 - Requirement 10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.