sahildari
diff --git a/‎Log Forging/README.md‎
Lines changed: 21 additions & 0 deletions b/‎Log Forging/README.md‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎Log Forging/java/.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 19 additions & 0 deletions b/‎Log Forging/java/.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎Log Forging/java/mvnw‎
Lines changed: 259 additions & 0 deletions b/‎Log Forging/java/mvnw‎
Lines changed: 259 additions & 0 deletions
@@ -0,0 +1,21 @@
+# Log Forging
+
+__Log Forging__ is a security vulnerability that occurs when unvalidated user input is written to the log files, allowing attackers to manipulate log entries or inject malicious content. Attackers can create misleading log entries, compromising the integrity of the logs and pushing the SOC team or the blue team into a rabit hole while creating false log entries. Common methods of log injection include __CRLF Injection__ It is also known as __Log Injection__
+
+You can use this repo as reference to mitigate the Log Forging/Log Injection vulnerability [CWE-117](https://cwe.mitre.org/data/definitions/117.html).
+
+## :warning: Important NOTE
+
+Never hardcode sensitive information in the logs(like passwords, tokens, user details, PII, PFI, PHI, etc.) it can result into other vulnerabilities, Privacy Violation [CWE-359](https://cwe.mitre.org/data/definitions/359.html), Trust Boundary Violation [CWE-501](https://cwe.mitre.org/data/definitions/501.html), Sensitive information exposure in the logs[CWE-532](https://cwe.mitre.org/data/definitions/532.html).
+
+## Mitigation
+
+:lock: Best Practices for Secure Coding in the Logs.
+
+:one: Input Sanitization to escape the CRLF characters and other dangerous characters.
+
+:two: Use Parameterized Logging
+
+:three: Restrict Log File Access
+
+:four: Centralized Logging and Monitoring
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip