https://wiki.owasp.org/index.php?action=history&feed=atom&title=Test_time_synchronisation_%28OTG-LOG-001%29 2026-04-26T09:43:51Z Revision history for this page on the wiki MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Test_time_synchronisation_(OTG-LOG-001)&diff=160843&oldid=prev 2013-10-15T14:25:28Z

<p>New content</p> <p><b>New page</b></p><div>== Brief Description ==<br /> Without time synchronization across systems it is impossible to correlate events and actions.<br /> <br /> == Issue ==<br /> In the event of a suspected or actual security incident, it will be necessary to aggregate information for all types of system component event logs and audit trails. This information is vital to investigations and forensic testing. If the web servers' time is adrift this can make event correlation much harder and may invalidate the information.<br /> <br /> Incorrect time can also affect some business functions provided by applications that are time-dependent (e.g. deadlines for submissions, expiry of offers, time-limited access controls, auction bids). The modification of server time could be used in some attacks.<br /> <br /> == Example ==<br /> <br /> The HTTP headers returned by https://www.owasp.org/index.php/Main_Page are:<br /> <br /> Date: Tue, 15 Oct 2013 14:11:09 GMT<br /> Server: Apache<br /> X-Frame-Options: Deny<br /> X-XSS-Protection: 1; mode=block<br /> X-Content-Type-Options: nosniff<br /> Content-Language: en<br /> Vary: Accept-Encoding,Cookie<br /> Expires: Wed, 16 Oct 2013 14:11:09 GMT<br /> Cache-Control: max-age=86400<br /> Content-Encoding: gzip<br /> Content-Type: text/html; charset=UTF-8<br /> 200 OK<br /> <br /> If the tester's time is the same (e.g. 14:11 GMT+1) then the time is correctly synchronised. The degree of accuracy is application dependent, but it would be unusual to be more than a minute or so adrift for any server that uses robust reference time sources.<br /> <br /> == Testing Method ==<br /> <br /> Time should be checked at all locations where the application exposes such information:<br /> <br /> * Date HTTP header (as above)<br /> * User-visible audit trail timestamps<br /> * Last modified dates/times displayed after additions or updates are made<br /> * Last logged in data where the time is included as well as the day<br /> * Accessible event logs<br /> <br /> == Test Tools ==<br /> <br /> Web browser and the ability to examine HTTP headers.<br /> <br /> == Related Test Cases ==<br /> <br /> None.<br /> <br /> == References == <br /> <br /> * [[Logging Cheat Sheet]], OWASP<br /> * [http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf SP 800-92] Guide to Computer Security Log Management, NIST<br /> * [https://www.pcisecuritystandards.org/security_standards/documents.php PCI DSS v2.0] Requirement 10 and PA-DSS v2.0 Requirement 4, PCI Security Standards Council<br /> * [http://www.ntp.org/ NTP: The Network Time Protocol]<br /> <br /> == Remediation ==<br /> <br /> Ensure the application, application servers, web servers and other supporting infrastructure are configured to synchronize their time with trusted reference time sources.</div>

Clerkendweller