Logging is a common practice among developers of software applications, such as web applications. Developers use the data in a log, for example, to debug the application or to generate statistics about its behavior. Some applications, however, handle sensitive information, such as credit card numbers, social security numbers and account numbers, and at times that sensitive information is written to a log, which poses a security problem because of the highly sensitive nature of the data. The log becomes a point at which the sensitive information can be stolen or accidentally disclosed. Such theft represents a significant business risk in terms of the legal liabilities related to regulatory compliance. For example, to be PCI DSS (Payment Card Industry Data Security Standard) compliant, an application may not store sensitive authentication data such as passwords, PINs or card verification codes after authorization, and must render the full card number unreadable wherever it is stored, which includes log files.
Traditionally, application developers have manually inspected the application source code to prevent sensitive data from being written to a log. This traditional approach is prone to human error, and as object-oriented applications grow larger and more layered, it becomes difficult to trace every value that may reach a logging call. Other conventional solutions use a log monitoring tool that automatically and periodically inspects the log and, when it detects sensitive information, removes it. However, there remains an interval between the write and the removal during which the sensitive information is stored in the log; during that interval the log is still a point of potential theft, and any copy, backup or forwarded stream taken from it still contains the data.
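As an added example, not part of the original text, the following Python sketch shows the write-time alternative that the periodic monitoring approach lacks: a `logging.Filter` that masks Luhn-valid card numbers and SSN-shaped strings in each record before any handler writes it, so no unredacted copy ever reaches the log and there is no interval to exploit. The regular expressions, the logger name and the sample messages are constructed for the illustration and are not taken from any real system.

```python
import io
import logging
import re

# Constructed patterns: a run of 13 to 19 digits with optional space or dash
# separators (card number shape) and NNN-NN-NNNN (US SSN shape).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str) -> str:
    """Mask card numbers (keeping the last four digits) and SSNs in a message."""
    def mask_card(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_valid(digits):
            return raw          # order numbers, timestamps etc. pass through
        return "*" * (len(digits) - 4) + digits[-4:]

    text = CARD_RE.sub(mask_card, text)
    return SSN_RE.sub("***-**-****", text)


class RedactingFilter(logging.Filter):
    """Redact the fully formatted message before the handler emits the record."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Format first so values passed as %-args are covered, then drop args
        # so the handler does not re-format the already redacted text.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def demo() -> str:
    """Log two constructed messages through the filter and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    # Attach the filter to the handler (not the logger) so every record that
    # reaches this output passes through it, including records from child loggers.
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("payments.example")   # hypothetical logger name
    logger.handlers.clear()
    logger.addHandler(handler)
    logger.propagate = False
    logger.setLevel(logging.INFO)
    # Constructed sample messages; 4111 1111 1111 1111 is the well-known test PAN.
    logger.info("charge ok card=%s order=%s", "4111 1111 1111 1111", "20240115123456")
    logger.info("kyc check ssn=123-45-6789 customer=42")
    handler.flush()
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The Luhn check keeps the filter from masking every long digit run (order identifiers, timestamps), which a bare regex would do; the trade-off is that a card number typed with a wrong digit passes through, so a stricter deployment would mask on pattern alone and accept the false positives.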