Logs are as important as SQLi, XSS or Secure Coding! OWASP has a “Logging Cheat Sheet”, and there are the “Windows Logging Cheat Sheet”, “Windows PowerShell Logging Cheat Sheet”, “Windows Splunk Logging Cheat Sheet” and several others I created, but we still lack an understanding of logging when it comes to Application Security and DevOps.
Enabling and configuring logs must become as basic and standard a practice as doing WebApp security scans, secure code reviews or secure webapp design, which should include application log design and implementation. You don’t need an expensive log management solution to do good application security or DevOps log configuration. What we need is to include all our Cheat Sheets in DevOps builds so that enabling and configuration are baked in, and to include a log design review as a part of our application security reviews. So WHEN we need log data, it is there for us.