The Diana Initiative 2021

This talk focuses on the five philosophies of logging for future breaches. I have dealt with teams who have suffered a compromise and had sensitive data disclosures. In my experience I have almost always used the logs, they can contain so much information or they can contain equal amounts of noise. I am on a crusade, to turn developers into ninja forensic coding logging forces of nature. I would like to deal with breaches in which care has been taken with the logs they produce, and not always mumble to my “It would have been nice to have better logs or any logs for that matter”. It is easy to ask yourself the question as a developer. Do you take into account that your application will be breached, do you have enough information to determine what happened?” If you answered “I do not know” or “No”. This talk focuses on five simple things developers can potentially do better to deal with future breaches. It also discusses the concept of log debt and how having this can be the downfall of your breach investigation.