"This article examines the dismal state of application-layer logging as
observed from the authors� years of experience in performing source
code security analysis on millions of lines of code. It argues that
effective logging is often ignored in the push for application security
and demonstrates how applications can benefit from a real-time
detection of attacks. An idea of a practical implementation is
discussed, along with an examination of some of the associated risks
and costs."
Article Link http://www.securityfocus.com/infocus/1888
