Now, I swear I had been thinking of writing exactly this kind of paper for a long time, but never found the time to do it. I am soooo happy somebody else did it!
So, enjoy "Detecting Attacks on Web Applications from Log Files" in the SANS Reading Room: logs vs. the OWASP Top 10 web attacks - the battle of the century - who will win (bet on logs! :-))?
One thing I miss in the paper is that all the suggested approaches are rule-based, not anomaly- or profiling-based. Regexes suck! :-)
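To make the rule-based vs. profiling-based distinction concrete, here is an added example (my own code, not the paper's and not part of the original post) that runs both kinds of detection over a handful of constructed Apache "combined"-format access log lines. The regex rules, the parameter "character class" profile and the sample lines are all illustrative assumptions, not the paper's rules or data. It shows two things a practitioner cares about: a signature regex silently misses a URL-encoded payload unless the log field is decoded first, and a per-parameter baseline learned from clean traffic flags an `id=15 AND 1=1` probe that none of the signatures match.

```python
"""Added example: regex rules vs. a learned per-parameter profile on web access logs."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" log format. The regex is anchored at both ends so a forged
# line smuggled into a user-controlled field (User-Agent, referer) does not parse as a
# second record; unparseable lines are returned as None and should be kept, not dropped.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not real traffic). The baseline is assumed clean.
BASELINE_LOG = """\
10.0.0.5 - - [10/Oct/2007:13:55:36 -0700] "GET /index.php?id=12 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
10.0.0.6 - - [10/Oct/2007:13:55:40 -0700] "GET /index.php?id=13 HTTP/1.1" 200 2330 "-" "Mozilla/5.0"
10.0.0.6 - - [10/Oct/2007:13:55:41 -0700] "GET /search.php?q=firewall HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2007:13:55:50 -0700] "GET /download.php?file=report.pdf HTTP/1.1" 200 90210 "-" "curl/7.19"
"""

TEST_LOG = """\
10.0.0.7 - - [10/Oct/2007:13:56:01 -0700] "GET /index.php?id=1%27%20UNION%20SELECT%20user,pass%20FROM%20users-- HTTP/1.1" 200 5120 "-" "sqlmap/1.0"
10.0.0.8 - - [10/Oct/2007:13:56:05 -0700] "GET /search.php?q=<script>alert(1)</script> HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2007:13:56:10 -0700] "GET /download.php?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "curl/7.19"
10.0.0.10 - - [10/Oct/2007:13:57:00 -0700] "GET /index.php?id=14 HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
10.0.0.11 - - [10/Oct/2007:13:57:02 -0700] "GET /index.php?id=15%20AND%201=1 HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
"""

# Illustrative signatures in the spirit of the OWASP Top 10 categories (assumed, not the paper's).
RULES = {
    "sqli": re.compile(r"(?i)\bunion\b.{0,40}\bselect\b|'\s*(or|and)\s+\S+\s*=\s*\S+"),
    "xss": re.compile(r"(?i)<\s*script|javascript:|on\w+\s*="),
    "traversal": re.compile(r"\.\.[/\\]"),
}


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def decode(text, rounds=3):
    """Percent-decode until stable (bounded) so double-encoded payloads are normalised too."""
    for _ in range(rounds):
        new = unquote(text)
        if new == text:
            break
        text = new
    return text


def rule_hits(raw_url, decode_first=True):
    """Rule-based detection: names of signatures matching the (optionally decoded) URL."""
    target = decode(raw_url) if decode_first else raw_url
    return [name for name, rx in RULES.items() if rx.search(target)]


def value_class(value):
    """Coarse shape of a parameter value; the profile records which shapes a parameter normally has."""
    if value == "":
        return "empty"
    if value.isdigit():
        return "digits"
    if re.fullmatch(r"[A-Za-z0-9_.\-]+", value):
        return "word"
    return "other"


def query_params(raw_url):
    parts = urlsplit(raw_url)
    # parse_qsl decodes once; decode() handles any further encoding layers.
    return parts.path, [(k, decode(v)) for k, v in parse_qsl(parts.query, keep_blank_values=True)]


def learn_profile(lines):
    """Profiling-based detection, training step: shapes seen per (path, parameter) in clean traffic."""
    profile = defaultdict(set)
    for entry in filter(None, map(parse, lines)):
        path, params = query_params(entry["url"])
        for name, value in params:
            profile[(path, name)].add(value_class(value))
    return profile


def profile_anomalies(entry, profile):
    """Flag parameters never seen for this path, or values whose shape is outside the baseline."""
    path, params = query_params(entry["url"])
    flags = []
    for name, value in params:
        seen = profile.get((path, name))
        if seen is None:
            flags.append(f"unknown parameter {name} on {path}")
        elif value_class(value) not in seen:
            flags.append(f"{name}={value!r} is {value_class(value)}, baseline {sorted(seen)}")
    return flags


def analyze(baseline_text, test_text):
    profile = learn_profile(baseline_text.splitlines())
    results = []
    for line in test_text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        results.append({
            "ip": entry["ip"],
            "rules_raw": rule_hits(entry["url"], decode_first=False),
            "rules_decoded": rule_hits(entry["url"]),
            "profile": profile_anomalies(entry, profile),
        })
    return results


if __name__ == "__main__":
    for r in analyze(BASELINE_LOG, TEST_LOG):
        print(r["ip"], "rules(raw):", r["rules_raw"], "rules(decoded):", r["rules_decoded"],
              "profile:", r["profile"])
```

Running it, the traversal and UNION SELECT probes are missed by the signatures on the raw URL and caught only after decoding, the `<script>` probe is caught either way, and the `15 AND 1=1` probe is caught only by the profile. The profile is deliberately crude (four value shapes, no frequency model) and would need a clean, representative baseline and some tolerance for legitimately unusual input before it is usable without drowning in false positives, which is exactly the trade-off between the two approaches.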
6 comments:
Some problems with this that are at least partly discussed in Log Injection Attack and Defence...
http://www.sift.com.au/assets/downloads/SIFT-Log-Injection-Intelligence-Report-v1-00.pdf
Oh, yeah. That is a good "counter-logging" paper indeed; I saw it before.
Thank goodness YOU didn't write the paper. This paper was very clear and concise.
Thanks for the comment - indeed, my writing has gotten a little more "rambling" (I suspect spending too much time near management did that);
I have to write something real technical, real quick :-)
I agree too. You're overdue for something really technical and a little more serious. :-)
OMG, I have to stop writing that GRC paper ASAP and go back to fixing bugs in my ugly Perl code to do log text mining :-)