Wilsonator123 / Secure-Blog-Page

DSS Project

Middleware #42

Open Wilsonator123 opened 6 months ago

Wilsonator123 commented 6 months ago

Create a middleware on the backend

Wilsonator123 commented 6 months ago

https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html

Wilsonator123 commented 6 months ago

https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html#abac

Wilsonator123 commented 5 months ago

Logging For Newbies


Contents

  1. What is logging?
  2. Why do we do it?
  3. What do we log
  4. How do we log effectively

What is Logging?

I don't know 🤷

Logging is the storing of information about the operation of a system. It can be used in multiple different ways and can contain different information. We use it to monitor and record actions taken on our system, whether by users or internal objects.

[!info] Example: We can use logging to store all requests made to a database. Within that log we could have a timestamp, the table / columns accessed, the method (query) used, the status (outcome) of the query, information on the user, and more.

Why Do We Do It?

There are several reasons why we use logging:

  1. Identifying Security Incidents
  2. Monitoring Policy Violations
  3. Establishing Baselines
  4. Assisting non-repudiation controls
  5. Providing information about problems
  6. Contributing to incident investigation
  7. Helping to defend against vulnerability identification and exploitation

These reasons revolve around the fact that logging can inform developers of how the system is being used, which helps increase security by identifying vulnerabilities, strange activity, and possible breaches.

What Are We Logging?

Look inside yourself and find the answer 🙏 There are 4 questions that we ask when logging:

  1. When
  2. Where
  3. Who
  4. What

When

Information about when the event occurred

  • Log timestamp (UTC)
  • Interaction identifier [1]

Where

Where did the event come from

  • Application name
  • Location
  • Where did the event originate (HTTP / URL)
  • Code location, script name

Who

Who is making the request (user or machine)

  • Source address (IP, application, device)
  • User identity (if available), user table primary key

What

What was the event

  • Type of event [2]
  • Severity [2]
  • Description
  • Reason
  • Result status (or HTTP status)
  • User type

[1] Interaction identifier: an identifier that links the user interaction with the event, e.g. a form submit, a button click, a page request.

[2] We need to create a list of types and severities which will be linked to the event, e.g. severities 0=emergency, 1=fatal, 2=error; types 0=db read, 1=db write, 2=db modify, 3=db deletion, etc.

To be discussed!


How Do We Log Effectively?

Wilsonator123 commented 5 months ago

https://datatracker.ietf.org/doc/html/rfc5424#section-4
