A10:2017 - Insufficient Logging and Monitoring

Unofficial Content

Actions by GeneXus

  • GeneXus provides the GAM module, which by default logs the Login, Password Change and Password Recovery events.

Actions by Developers

  • If GAM is used, log successful and unsuccessful logins, as well as the operations that add, change and modify users' information.
  • If GAM isn't used, develop a customized access control module and add the corresponding logging actions.
  • Establish a monitoring process and effective alerts, together with a response plan such as NIST 800-61 rev2 or later.
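
One way to turn the logged login events into alerts, as an added example that is not GeneXus or GAM code: it assumes the events are exported as JSON lines with hypothetical fields `ts`, `user`, `event`, `ok` and `ip`, and the window and threshold are assumed values to tune per application.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 3                   # assumed failed-login count that triggers an alert
# Constructed sample events in a hypothetical JSON-lines format (not GAM's own schema).
SAMPLE_LOG = """\
{"ts": "2024-01-10T09:00:00", "user": "alice", "event": "Login", "ok": true, "ip": "10.0.0.5"}
{"ts": "2024-01-10T09:01:00", "user": "bob", "event": "Login", "ok": false, "ip": "10.0.0.9"}
{"ts": "2024-01-10T09:01:30", "user": "bob", "event": "Login", "ok": false, "ip": "10.0.0.9"}
{"ts": "2024-01-10T09:02:00", "user": "bob", "event": "Login", "ok": false, "ip": "10.0.0.9"}
{"ts": "2024-01-10T09:02:20", "user": "bob", "event": "Login", "ok": true, "ip": "10.0.0.9"}
{"ts": "2024-01-10T09:03:00", "user": "bob", "event": "Password Change", "ok": true, "ip": "10.0.0.9"}
not-json line left by a crashed writer
"""

def detect(lines):
    """Return a list of (timestamp, user, rule) alerts for the given log lines."""
    failures = defaultdict(deque)   # user -> timestamps of recent failed logins
    suspect = {}                    # user -> time of a success that followed a failure burst
    alerts = []
    for line in lines:
        try:
            e = json.loads(line)
            ts = datetime.fromisoformat(e["ts"])
            user, event, ok = e["user"], e["event"], e["ok"]
        except (ValueError, KeyError, TypeError):
            alerts.append((None, None, "unparseable-log-line"))  # gaps in the log are a signal too
            continue
        recent = failures[user]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # drop failures that fell out of the window
        if event == "Login" and not ok:
            recent.append(ts)
            if len(recent) == THRESHOLD:
                alerts.append((e["ts"], user, "repeated-failed-logins"))
        elif event == "Login" and ok:
            if len(recent) >= THRESHOLD:
                suspect[user] = ts
                alerts.append((e["ts"], user, "success-after-failed-logins"))
            recent.clear()
        elif event == "Password Change" and user in suspect and ts - suspect[user] <= WINDOW:
            alerts.append((e["ts"], user, "password-change-after-suspect-login"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Each alert rule maps to a case the response plan should cover; the returned tuples are what would be forwarded to the alerting channel.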