All queries to databases from web applications that are initiated by users, and any resulting crash or error messages, are centrally logged.
Topic
Web application interaction with databases
Applicable to
all
History
Priority
Should
Dec 2023
All queries to databases from web applications that are initiated by users, and any resulting crash or error messages, are centrally logged.
The existing control relating to the centralised storage of web application event logs was merged into the existing control relating to collecting database-related web application event logs. [ISM-1536, ISM-1757]
Mar 2022
The following events are logged for web applications: attempted access that is denied, crashes and error messages, and search queries initiated by users.
The approach to the management of event logs has been standardised to align with the Essential Eight Maturity Model. Furthermore, specific events to be logged, such as those related to databases, operating systems and web applications, have been moved to relevant guidelines.
Nov 2018
The following events are logged for web applications:
§ attempted access that is denied
§ crashes and any error messages
§ search queries initiated by users.
Added as a result of a split of security control 0987.