AppSec Blog: Daily Archives: May 24, 2009

Logging Cookies and Ambushing Lazy Pentesters.

Logging is probably one of the dry topics in application security. Without logs, debugging or even incident handling is so much more exciting! One of the little Apache tricks I learned is to log cookie information in your Apache log. The cookie typically includes the session ID, which then links to a particular user. So …