Catching Web Based Attacks with W3C Logs from IIS and Apache

Webinar Registration

The era of defaced websites may be over, but web-based attacks are more sophisticated than ever and the damages far greater than the embarrassment of graffiti on your company’s home page. Between SQL injection, which is still a problem, Heartbleed, and extremely complex attacks that exploit vulnerabilities on both the web server and the browser, we have our work cut out for us. On top of that, nearly every application today is web-based and exposed to the Internet.

One of the key defense strategies is, of course, security log monitoring, and when it comes to protecting web and application servers we are talking about the logs produced by IIS and Apache in the industry-standard W3C format.

W3C web server logs document every interaction between web server and client, with a wealth of valuable information about the request, the client and so on. But there are multiple records for each and every page view, so we are definitely talking big data.

W3C logs can also vary from one installation to the next because the W3C specification itself allows for customization.

In this webinar I’ll introduce you to the W3C spec. You’ll learn the log format and the meaning behind all its standard fields.

From there we will dive into how to analyze W3C logs in order to detect attacks. There are some things you can detect from looking at one record at a time, but to get the real security value out of web server logs you need to look at the data as a whole, in terms of trends, patterns and anomalies. A. N. Ananth from our sponsor, EventTracker, is joining me, and together we’ll offer our best tips for how to do real analysis of W3C web and application server logs.

Here are a few of the things we’ll talk about:

  1. Why should you alert on URL requests that have never before appeared in the log?
  2. How can you correlate W3C events with activity from other logs?
  3. Why does URL length matter?
  4. What do error codes have to do with security?
  5. How much does client information like browser and geolocation really matter?
  6. Why should you trend on your top hit URLs?

This will be highly technical real training for free ™, so don’t miss it. Please register now!
