Menu Icon

Cobalt Vulnerability Wiki

Cobalt Vulnerability Wiki

Categories

Toggle Arrow IconV2 - AuthenticationToggle Arrow IconV3 - Session ManagementToggle Arrow IconV4 - Access ControlToggle Arrow IconV5 - Validation/SanitizationToggle Arrow IconV6 - CryptographyToggle Arrow IconV7 - Error Logging
Non Customized Error Messages (Error Message Reveals Internal IP Address/Underlying Technology) Stack Trace in Error Message Unhandled Error Messages - SQL Queries Revealed Visible Detailed Error/Debug Page
Toggle Arrow IconV8 - Data ProtectionToggle Arrow IconV9 - CommunicationsToggle Arrow IconV10 - Malicious CodeToggle Arrow IconV11 - Business LogicToggle Arrow IconV12 - Files ResourcesToggle Arrow IconV13 - APIToggle Arrow IconV14 - Config
Arrow Left

V7 - Error Logging

The primary objective of error handling and logging is to provide useful information for the user, administrators, and incident response teams. The objective is not to create massive amounts of logs, but high quality logs, with more signal than discarded noise.


High quality logs will often contain sensitive data, and must be protected as per local data privacy laws or directives. This should include:


• Not collecting or logging sensitive information unless specifically required.


• Ensuring all logged information is handled securely and protected as per its data classification.


• Ensuring that logs are not stored forever, but have an absolute lifetime that is as short as possible.


If logs contain private or sensitive data, the definition of which varies from country to country, the logs become some of the most sensitive information held by the application and thus very attractive to attackers in their own right.


It is also important to ensure that the application fails securely and that errors do not disclose unnecessary information.


Ready to get started?

our platformschedule a demo
Aircall logoAlgolia logoCangageCredit KarmaDattoEgnyteHubspotMovinimageMulesoftPendoSentaraSmarshSnowSolarisTalkdeskVerifoneKubraAxel SpringerNuna

Join some of these great clients we're proud to have helped