What is Log Forging

  1. Data enters an application from an untrusted source.
  2. The data is written to an application or system log file.

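// Step 1: val comes from an untrusted source (the session value)
string val = (string)Session["val"];
try {
    int value_v = Int32.Parse(val);
}
catch (FormatException fe) {
    // Step 2: val is written to the log unmodified, so any CR/LF in it starts a forged entry
    log.Info("Failed to parse val= " + val);
}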

Picture Credit: AttackFlow

How to fix this Issue

Prevent log forging attacks with indirection:
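One way to apply indirection to the snippet above, shown as an added example that is not from the original article: the log text is selected from a fixed table of events, and the untrusted value is either left out or escaped before it is appended. LogEvent, SafeLog, Neutralize and the message strings are hypothetical names, and the input is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical names for illustration; not part of any logging library.
enum LogEvent { ParseFailed, ParseSucceeded }

static class SafeLog
{
    // Indirection: only text from this fixed table can become a log message.
    static readonly Dictionary<LogEvent, string> Messages = new Dictionary<LogEvent, string>
    {
        { LogEvent.ParseFailed,    "Failed to parse val" },
        { LogEvent.ParseSucceeded, "Parsed val" },
    };

    // Escape control characters, line separators, quotes and backslashes so the
    // value stays inside one quoted field on one log line.
    public static string Neutralize(string s)
    {
        var sb = new StringBuilder();
        foreach (char c in s ?? "")
        {
            if (char.IsControl(c) || c == '\u2028' || c == '\u2029')
                sb.AppendFormat("\\u{0:X4}", (int)c);
            else if (c == '\\' || c == '"') sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    public static string Format(LogEvent ev, string untrusted = null)
    {
        string line = "INFO " + Messages[ev];
        return untrusted == null ? line : line + " [input=\"" + Neutralize(untrusted) + "\"]";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed input: a non-numeric value that carries a second, forged line.
        string val = "twenty-one\r\nINFO User logged out=badguy";
        try { int.Parse(val); }
        catch (FormatException)
        {
            Console.WriteLine("Concatenated: INFO Failed to parse val=" + val);   // two lines
            Console.WriteLine("Indirect:     " + SafeLog.Format(LogEvent.ParseFailed));
            Console.WriteLine("Escaped:      " + SafeLog.Format(LogEvent.ParseFailed, val));
        }
    }
}
```

The concatenated form prints two lines, the second indistinguishable from a real entry; the other two forms always produce exactly one line per event.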

Kelum