Log evasion: Log me if You can!
▻https://hackernoon.com/log-evasion-log-me-if-you-can-51a3b7fc1770?source=rss----3a8144eabfe3---
There are different approaches when it comes to logging: to log every input as rawly as possible or to clean up log events and user inputs before saving them. There are pros and cons for both approaches. Which ever path you choose, it is important to remember your choise when analysing these log events. Just.. not to get any surprises on the way.I’ll try to illustrate my point with the following #aws S3 Server Access Log example. Although I’m bringing an example based on S3, please keep in mind that there are other application servers with similar “logging features”. So make sure you have a good overview about how your systems deal with event logging.PrologI created my S3 bucket and enabled the server access logging. You can refer to Amazon’s tutorial.To analyse the S3 access logs, I (...)