Web application security - the fast guide 1.1 | Page 21

Chapter 1 - information Security overview
P a g e | 21
Figure 13: Custom error page
b. Keeping Audit logs: The worst attacks those that do not leave a
trace because it does not give any answer to investigators on what
assets has been compromised, information disclosed, accessed or
altered and nothing about used vulnerability or the identity of
attacker.
Audit logs should have precise information about all events,
transactions and access attempts that took place and its status
(failed, succeeded) with special focus on any abnormal request
showing malicious pattern.
When storing and managing audit logs it is very critical to be sure
that information cannot be accessed nor changed by attacker even
if that means to isolate as separated system or store the
information on write-once media.
Figure 14:Access Logs
c. You are under attack: another important issue in handling
attacker is to let the administrator know that the system is under