It's been a few days, but OWASP Top10 2007 is out.
I am still thinking about the logging implications of these. For now, it will suffice to say that web logs do have the info useful for (at least) investigating the incidents which involve exploitation of some Top10 flaws.
No comments:
Post a Comment