Five Philosophies for Building Better Application Logs

Discover five essential philosophies for creating more effective application logs in this insightful 23-minute talk by Veronica Schmitt at an OWASP Foundation event. Explore the importance of building forensic and breach readiness into application logs, drawing from real-world experiences with compromised teams and sensitive data disclosures. Learn how to transform developers into "ninja forensic coding logging forces of nature" by implementing strategies that balance information richness with noise reduction. Delve into topics such as understanding the attack process, keeping logs simple and tagged, cleaning log data, implementing appropriate logging practices, considering log access, and preparing for incident response. Gain valuable insights on how to enhance your application's security posture and be better prepared for potential breaches through improved logging techniques.

Intro
Who am I
Understanding the attack process
Unicorn Project and Phoenix Project
The 5 philosophies
The developers
Keep it simple
Keep it tagged
Keep it cleaned
Log accordingly
Consider who has access to logs
Incident response
Be kind to your future
Outro