Speaker Topics - No Fluff Just Stuff

How to Catch Hackers: Security Auditing and Logging

This session examines the code that developers must write in order to enable the detection of malicious activity and preservation of evidence after a security breach.

There are only two kinds of software applications: those that have been hacked, and those that will be hacked. Since it is only a matter of time before an incident occurs, take action now to make sure you find out before the Wall Street Journal does. Key components of your strategy should include tamper-proof audit trails, appropriate log events (some might surprise you!), and regular monitoring. Because hackers know they need to cover their tracks, specific attacks against logging mechanisms are also covered.


About Roman Hustad

Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, he now figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time, Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.
