Insufficient Logging and Monitoring
Exploit: Perform a dictionary attack against the "system_admin" user
Mitigation
- Store logs in a central location
- Log sufficient user context to identify suspicious activity
- Log useful metadata in a form that is easily parsed
- Store each instance of important events (e.g. login attempts) to create an audit trail
- Use active monitoring or alerting
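
The mitigations above, sketched as an added example (not part of the original page or the application it describes): each login attempt is stored as a JSON line with user context, and a sliding-window rule alerts on failure bursts against one account. The field names, window, threshold and sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failures per account before alerting

def make_events():
    """Constructed sample: JSON-lines login audit records (assumed schema)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    rows = [("alice", "10.0.0.5", "failure", 0), ("alice", "10.0.0.5", "success", 4)]
    # Constructed burst: repeated failures on one account, then a success.
    rows += [("system_admin", "203.0.113.7", "failure", 10 + 2 * i) for i in range(8)]
    rows.append(("system_admin", "203.0.113.7", "success", 30))
    return [json.dumps({"ts": (base + timedelta(seconds=s)).isoformat(),
                        "event": "login", "user": u, "src_ip": ip, "outcome": o})
            for u, ip, o, s in rows]

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (rule, user, src_ip, failure_count) alerts, in event order."""
    recent = defaultdict(deque)  # user -> timestamps of failures inside the window
    flagged = set()              # users already alerted for the current burst
    alerts = []
    for line in lines:
        e = json.loads(line)
        if e.get("event") != "login":
            continue
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if not q:
            flagged.discard(user)  # burst ended after a quiet window
        if e["outcome"] == "failure":
            q.append(ts)
            if len(q) >= threshold and user not in flagged:
                flagged.add(user)
                alerts.append(("failure_burst", user, e["src_ip"], len(q)))
        else:
            if len(q) >= threshold:  # success right after a burst: review the session
                alerts.append(("success_after_burst", user, e["src_ip"], len(q)))
            q.clear()
            flagged.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in detect(make_events()):
        print(alert)
```

In a deployment the alerts would be forwarded from the central log store to whoever is on call; here they are simply returned as tuples.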