Posts tagged with #logback


Deploying an application into a secure environment adds some restrictions on logging and log management. The OWASP community gives some useful recommendations.

OWASP Security Testing Guide Recommendations

The OWASP Security Testing Guide defines a number of questions to be answered when reviewing an application's logging configuration (see OTG-CONFIG-002):

1. Do the logs contain sensitive information? Log files should not contain any sensitive data. Even so, log file access must be restricted: event log information should never be visible to end users.