Preventing Log Injection
If you are not already familiar with the concept of Log Injection, please review the article entitled “What Is Log Injection ?“.
To learn more about how to detect Log Injection vulnerabilities, please see the article entitled “How To Test For Log Injection“.
They key to preventing Log Injection is two-fold:
- Perform input validation: Limit the character set and format to be what your requirements dictate and reject any input that fails to meet your expectations. Perform input validation on both the client and the server (as applicable).
- Neutralize Problematic characters: The following characters should be “escaped” or replaced when they appear within inputs that are written to log files/records:
|0x8 (octal 8)||Backspace|
Note that log files whose content will be rendered by a browser or presented as XML must also neutralize HTML meta-characters. Standard HTML Entity encoding will suffice.
Log information that is stored in a database should be written in compliance with the guidelines presented in “How To Prevent SQL Injection“, which will protect against both SQL Injection and Log Forging.
About Affinity IT Security
We hope you found this article to be useful. Affinity IT Security is available to help you with your security testing and/or to train your developers and testers. Contact us to learn how to partner with us to protect your enterprise.
Although every effort has been made to provide the most useful and highest quality information, it is unfortunate but inevitable that some errors, omissions, and typographical mistakes will appear in these articles. Consequently, Affinity IT Security will not be responsible for any loss or damages resulting directly or indirectly from any error, misunderstanding, software defect, example, or misuse of any content herein.