Quiz Entry - updated: 2026.07.05
How do you implement traceability for security, and what should you NOT log?
Log security-relevant events (logins, access decisions, admin actions) for detection and forensics — but never log secrets like passwords, tokens, keys, or PII.
Maintain audit logs of security-relevant events for detection and forensics.
What TO log:
- Authentication events (login success/failure, logout)
- Authorization decisions (access granted/denied)
- Data modifications (who changed what, when)
- Administrative actions (user creation, permission changes)
- Security events (blocked attacks, anomalies)
What NOT to log (critical!):
- Passwords (even failed attempts — could be off-by-one of real password)
- Session tokens or API keys
- Credit card numbers, SSN, health data
- Encryption keys
Implementation tips:
- Use structured logging (JSON) for easy analysis
- Include timestamps, user IDs, source IPs, action taken
- Protect log integrity (append-only, signed)
- Send logs to a separate system attackers can't easily modify
Go deeper:
OWASP Logging Cheat Sheet — what to log and the secrets/PII to never log (passwords, tokens, keys).