1
00:00:00,150 --> 00:00:05,230
Lastly you are touching on insufficient logging and monitoring.

2
00:00:05,310 --> 00:00:11,370
Now again just a high level overview is something that you know you think and you probably are in the

3
00:00:11,370 --> 00:00:16,170
security mindset in that you're just like yeah that makes sense why aren't people doing it.

4
00:00:16,170 --> 00:00:19,940
Well it makes sense and the last one with patching right and people just don't do it.

5
00:00:20,340 --> 00:00:25,070
So we have that mindset but not everybody has that mindset and that's why we have jobs.

6
00:00:25,200 --> 00:00:31,550
So you know with logging and monitoring you've got to have logs right.

7
00:00:31,560 --> 00:00:34,400
You've got to have logs you've got to have auditable events.

8
00:00:34,400 --> 00:00:40,440
You got to make sure that when somebody logs into your application you have that tracked.

9
00:00:40,440 --> 00:00:46,830
If somebody if you're having failed login attempts you're having that tracked if people are attempting

10
00:00:46,830 --> 00:00:49,970
to attack your your interface.

11
00:00:49,980 --> 00:00:51,570
You should have that logged.

12
00:00:51,570 --> 00:00:54,910
You should have that being monitored.

13
00:00:54,990 --> 00:00:55,350
Right.

14
00:00:55,350 --> 00:01:03,810
You should have everything and anything being logged when it comes to these sort of high value I guess

15
00:01:03,810 --> 00:01:05,640
high value applications.

16
00:01:05,640 --> 00:01:11,880
So if a user logs in at a certain date and time you should know about it and if an attack is generated

17
00:01:11,880 --> 00:01:13,880
you should know about it you should be alerted.

18
00:01:14,010 --> 00:01:19,490
And that's something that we test for on web apps is something that we test for when we're scanning

19
00:01:19,500 --> 00:01:20,670
even networks.

20
00:01:20,850 --> 00:01:25,080
If you're not catching me when I'm scanning you or if I'm sitting there running brute force attacks

21
00:01:25,080 --> 00:01:30,340
against you or SQL injection attacks or I'm running an active scan with Burp Suite and all that

22
00:01:30,340 --> 00:01:35,400
she's going through and nothing's triggering on your end guess what that's going into the report as

23
00:01:35,400 --> 00:01:37,280
you didn't catch me doing this.

24
00:01:37,280 --> 00:01:41,640
And you know it was number 10 insufficient logging and monitoring right.

25
00:01:41,640 --> 00:01:43,470
You're not picking up on what I'm.

26
00:01:43,680 --> 00:01:45,360
I'm putting out there.

27
00:01:45,600 --> 00:01:54,300
So it's important to you know be able to detect and monitor these these activities especially it says

28
00:01:54,300 --> 00:01:58,920
here suspicious activities and you really need that audit trail.

29
00:01:58,920 --> 00:02:03,770
It really helps from a security perspective if there's an account breach.

30
00:02:03,840 --> 00:02:09,240
It's important to know you know who logged in at what time and who was the account that happened during

31
00:02:09,240 --> 00:02:09,720
the breach.

32
00:02:09,720 --> 00:02:13,080
Was it somebody that got attacked was an insider threat.

33
00:02:13,450 --> 00:02:15,390
You know who got compromised.

34
00:02:15,540 --> 00:02:21,300
And this is all little details that will become very very important later on or could become very important

35
00:02:21,300 --> 00:02:22,250
later on.

36
00:02:22,320 --> 00:02:24,680
And then the monitoring aspect is important.

37
00:02:24,690 --> 00:02:29,040
You want to be able to prevent attacks if they're happening or at least detect the attacks when they're

38
00:02:29,040 --> 00:02:34,740
happening so you can do something about it like blacklist an IP address that might be brute forcing

39
00:02:34,740 --> 00:02:34,980
you.

40
00:02:35,550 --> 00:02:41,730
So that's the very high level of this and it should all make sense the last two should really be like

41
00:02:41,760 --> 00:02:44,130
Yeah that that's common sense.

42
00:02:44,130 --> 00:02:45,390
Right.

43
00:02:46,080 --> 00:02:51,150
So from here we are we are wrapped up on the web app section.

44
00:02:51,150 --> 00:02:54,750
We are going to start moving into wireless penetration testing.

45
00:02:54,750 --> 00:02:56,790
I love wireless penetration testing.

46
00:02:56,940 --> 00:02:59,810
And then from there we've only got two more sections after that.

47
00:02:59,840 --> 00:03:06,510
So we're nearing the end of our journey but I'm I'm excited to keep chugging along and getting

48
00:03:06,510 --> 00:03:06,900
through it.

49
00:03:06,930 --> 00:03:10,920
So I'll see you over in the next section when we start talking about wireless penetration testing.