

Protecting logs in digital app

Logs are important in a digital application because they record what the application is doing: success messages at different stages, error messages and where each error originates, login events, server IP addresses and so on. This makes debugging the application easy. Such logging is very helpful in development mode, but in production mode it has to be handled more carefully, because the same logs can also expose sensitive information.

If not handled correctly, logs can expose information such as:

  1. Workflow of an application.
  2. User data.
  3. Security tokens.


Workflow of an application:

The workflow of an application describes where data flows from and to within our application. Logging it can give attackers an idea of how the application is designed. For example, in authentication, log messages such as "Generating Token" or "Token verified" tell an attacker that our authentication process is token-based.

This type of log is very useful in development mode, where it helps to debug the application and to confirm that everything is working as expected. In production mode, however, we should remove such logs, because they can expose enough detail to make our application vulnerable.


User Data:

Logging the user data that our digital application sends to or receives from the server, in order to check that the data is correct, is common practice. But these logs must be handled very carefully, because they can contain user information such as contact numbers, email addresses and postal addresses. Leaving this type of log in production mode can cause data leakage, which is bad for the security of the application and for the user: the log might also contain payment information, and a leak of that can be disastrous for the user.

When we add this type of logging, we should remember to remove it before the application is shipped to production.


Security Token:

Security tokens are tokens generally used to authenticate a user or a session: the client sends the token with every request to the server, and the server validates it and allows the user to access the resources on the server. Now imagine that we log this token in our application. An attacker who obtains the log gets hold of the token and can use it to access server resources and the user's data. This is a very big security risk for an application, and an attacker with access to the server side can also expose our database to attack.

We should avoid logging any of these values to make our application more secure.


Why iEDPS?

Infosys Enterprise Data Privacy Suite (iEDPS) is an application used to protect sensitive information. Among its many features, two that help in protecting application logs are:

  1. Discovery: the iEDPS feature that finds sensitive data in a data source. The sensitive information can be SSNs, tokens, login details and so on; in addition, a user can define their own sensitive-data patterns.
  2. Masking: the feature that transforms sensitive data so that it is no longer exposed.

So, with the help of iEDPS, you can avoid the different security risks that can arise from sensitive information appearing in logs.
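As an added illustration of the two steps described above (this is not iEDPS code and was not part of the original post), the following Python logging filter discovers sensitive values by pattern and masks them before the line is written; the patterns and the sample messages are constructed for the demo.

```python
import io
import logging
import re
# Constructed detection patterns for the value kinds the post lists (tokens,
# user contact data, SSNs), simplified for illustration.
SENSITIVE_PATTERNS = [
    ("token", re.compile(r"(?i)(bearer\s+|token[=:]\s*)[A-Za-z0-9._\-]+"),
     r"\g<1>[REDACTED-TOKEN]"),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED-EMAIL]"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
]
def discover(text):
    """Discovery step: names of the sensitive-data patterns present in text."""
    return [name for name, pattern, _ in SENSITIVE_PATTERNS if pattern.search(text)]
def mask(text):
    """Masking step: replace every sensitive value with a fixed marker."""
    for _, pattern, replacement in SENSITIVE_PATTERNS:
        text = pattern.sub(replacement, text)
    return text
class RedactingFilter(logging.Filter):
    """Masks each record before any handler formats or writes it."""
    def filter(self, record):
        record.msg = mask(record.getMessage())  # render args, then redact
        record.args = ()  # already rendered; nothing left to interpolate
        return True

def redacted_lines(messages):
    """Log messages through a redacting handler and return what was written."""
    logger = logging.getLogger("demo.redact")
    logger.handlers.clear()  # keep repeated calls idempotent
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(io.StringIO())  # in-memory sink for the demo
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    for message in messages:
        logger.info(message)
    return handler.stream.getvalue().splitlines()

SAMPLE_MESSAGES = [  # constructed sample log lines, not real data
    "Token verified for user alice@example.com, Authorization: Bearer eyJhbGciOi.abc.def",
    "Profile update: ssn=123-45-6789 token=abc123XYZ",
    "Healthcheck ok",
]

if __name__ == "__main__":
    for line in redacted_lines(SAMPLE_MESSAGES):
        print(line)
```

Attaching the filter to the handler means every line reaching that sink is masked, regardless of which module logged it.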


Summary:

Protecting logs is difficult in a production environment because an application's logs are easy to access, and if our logs contain sensitive information the application is vulnerable to attack. This can also lead to unauthorized access to the application, which is a major security problem. iEDPS is one of the best solutions for protecting logs and hence for making the application more secure.


Author: Malay Varma
