LASCON X

Applications log their activities for a variety of purposes including security. Developers and operation personnel adopt OWASP tools and others to enhance the security posture of their products and services.

On the one hand, businesses have different security requirements based on risks faced by and trust levels required of their products. More relevant security guidance is often needed by developers. On the other hand, GDPR is the law safeguarding privacy of individual EU citizens. This affects all products sold or operated in EU. Developers often raise questions regarding to what data can or cannot be logged to keep GDPR compliance. Although many material and training on GDPR exist, few provides guidance on application logging.

In this talk, we describe how we address these issues, including security and privacy related to application logging, protection of log data, and impacts of GDPR. Audiences will take away with recommendations and tips.