SAMMY works best on screens 1024px wide or larger.
ASVS
Browse ASVS
V16.4: Log Protection
V16.4.1
V16.4.1: Verify that all logging components appropriately encode data to prevent log injection.

Verify that all logging components appropriately encode data to prevent log injection.

ASVS Maturity
Not applicable - The control is not applicable for the given scope.
Not implemented / not verified - The control is not implemented or not verified.
Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Description

Verify that all logging components appropriately encode data to prevent log injection.

V16.4.2
V16.4.2: Verify that logs are protected from unauthorized access and cannot be modified.

Verify that logs are protected from unauthorized access and cannot be modified.

ASVS Maturity
Not applicable - The control is not applicable for the given scope.
Not implemented / not verified - The control is not implemented or not verified.
Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Description

Verify that logs are protected from unauthorized access and cannot be modified.

V16.4.3
V16.4.3: Verify that logs are securely transmitted to a logically separate system for analysis, detection, alerting, and escalation. The aim is to ensure that if the application is breached, the logs are not compromised.

Verify that logs are securely transmitted to a logically separate system for analysis, detection, alerting, and escalation. The aim is to ensure that if the application is breached, the logs are not compromised.

ASVS Maturity
Not applicable - The control is not applicable for the given scope.
Not implemented / not verified - The control is not implemented or not verified.
Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Description

Verify that logs are securely transmitted to a logically separate system for analysis, detection, alerting, and escalation. The aim is to ensure that if the application is breached, the logs are not compromised.