Official Content

This document provides security information to protect your applications against attacks that can result from insufficient system and application logging and monitoring.

Security Logging and Monitoring Failures - OWASP Documentation

Actions by GeneXus

Actions by Developers

  • If GeneXus Access Manager (GAM) is not used, a customized access control module and the corresponding logging actions must be developed. The following events should be logged:

    • Login

    • Password change

    • Password recovery

    • User is authorized

    • User is not authorized

    • Create/Update/Delete users.

    • Create/Update/Delete roles and permissions.

  • If GAM is used, the first three items of the previous list are covered by default

    • See the following document to learn how to solve the other points with GAM.

  • In any case, high-impact Transactions need to be identified and logged as they are business-specific and GeneXus cannot perform these actions automatically.

  • Must establish a monitoring process and effective alerts to act in an acceptable time window. Also, a response plan like NIST 800-61 rev. 2 or later.

Availability

Since GeneXus 18 upgrade 1.

Last update: 23 January 2024 by jpromero
Last update: February 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant