Increasing Auditability in Web Application Security

Abstract: As more services become web-based and open to a larger audience, security is becoming a key concern. We discuss the idea of auditability of a transaction in the web application environment and how current logs may not capture the minimum information required for a complete audit record. We then propose a solution that involves a design as well as a tool that can be integrated into an existing web application to generate supplementary logs of database activity and user profile information, with a focus on auditability of transactions. Finally, we discuss the results of tests of this tool that we conducted on an actual web application.