Security Logging and Monitoring - The #9 Web Application Security Risk

When a cyber attack happens, proper security logging and monitoring is essential for determining the attacker's entry point, tracing their activities within your systems, identifying the source of the attack, establishing how deeply they penetrated, and mitigating the damage. This article explores why strong security logging and monitoring is a crucial defense against cyber threats.

A09:2021 – Security Logging and Monitoring Failures

  CWEs Mapped           242
  Max Incidence Rate    9.23%
  Avg Incidence Rate    6.51%
  Avg Weighted Exploit  6.87
  Avg Weighted Impact   4.99
  Max Coverage          53.67%
  Avg Coverage          39.97%
  Total Occurrences     53,615
  Total CVEs            242

Why Do Security Logging and Monitoring Failures Make the OWASP Top 10 List?

The OWASP Top 10 list outlines the most critical security risks to web applications. For the first time in 2021, security logging and monitoring failures made the list, coming in at number nine. This underscores how vital proper logging and monitoring is for security defenses.

This category covers several potential logging issues:

  • Insufficient logging (CWE-778) – Not capturing enough detail in logs to detect or investigate an attack.
  • Omission of security-relevant information (CWE-223) – Logging does not include essential data to identify security events and risks.
  • Insertion of sensitive data into logs (CWE-532) – Accidentally logging private user data that attackers can exploit.
  • Log injection (CWE-117) – Attackers manipulate app logs to execute malicious code.
  • Log forging (CWE-170) – Attackers falsify log data to cover their tracks.

Failing in any of these areas leaves major vulnerabilities open to cyber threats.
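The two weaknesses above that an application developer controls most directly are log injection (CWE-117) and sensitive data in logs (CWE-532). The following Python example is added here to illustrate them; it is not code from the original post or from OWASP. It contrasts the unsafe pattern (raw user input concatenated into a free-text line) with a hardened writer that escapes control characters so a value can never start a second, forged line, and that redacts fields whose names appear in a sensitive-key list. The key list, the field names, the `SECURITY` tag and the sample values are all assumptions constructed for the example.

```python
import re
from datetime import datetime, timezone
from typing import Dict, Optional

# Field names whose values must never be written to a log (CWE-532). This list
# is an assumption for the example; extend it to match your own data model.
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "authorization",
                  "card_number", "cvv", "ssn"}

# CR, LF and other control characters are what let user input start a new,
# forged log line (CWE-117); each one is replaced with a visible escape.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(value: str) -> str:
    """Escape control characters so a value can never span more than one log line."""
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def redact(fields: Dict[str, object]) -> Dict[str, object]:
    """Replace the value of any sensitive field with a fixed marker."""
    return {k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else v)
            for k, v in fields.items()}


def naive_log_line(event: str, user: str, now: Optional[datetime] = None) -> str:
    """The unsafe pattern: raw user input concatenated into a free-text log line."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} INFO {event} user={user}"


def security_log_line(event: str, fields: Dict[str, object],
                      now: Optional[datetime] = None) -> str:
    """One key="value" record per line carrying the forensic fields OWASP lists
    (UTC timestamp, event, user id, source IP, ...), neutralized and redacted."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    parts = [ts, "SECURITY", neutralize(event)]
    for key, value in redact(fields).items():
        safe_value = neutralize(str(value)).replace('"', '\\"')
        parts.append(f'{neutralize(str(key))}="{safe_value}"')
    return " ".join(parts)


def demo() -> Dict[str, str]:
    """Build both styles of line from one constructed tainted input at a fixed UTC time."""
    fixed = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    tainted_user = "alice\nFORGED ENTRY"   # constructed: a user-controlled value carrying a newline
    fields = {"user": tainted_user, "src_ip": "203.0.113.5", "password": "hunter2"}
    return {"naive": naive_log_line("login_failed", tainted_user, fixed),
            "hardened": security_log_line("login_failed", fields, fixed)}


if __name__ == "__main__":
    out = demo()
    print("naive (two lines, the second forged):\n" + out["naive"])
    print("hardened (one line, password redacted):\n" + out["hardened"])
```

The hardened writer still records the tainted value, only escaped, so an investigator can see what was submitted; if you emit JSON instead, `json.dumps` performs the same control-character escaping for you, but the redaction step is still yours to add.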

Real-World Impacts of Poor Logging Practices

Without comprehensive activity logging and real-time monitoring, you may never even know your systems were compromised. Attackers can stealthily steal data, install backdoors, and cover their tracks.

Even if you detect an intrusion, insufficient logging means you cannot effectively investigate the attack’s origin, methods, and impacts. Lack of detailed forensic data seriously hinders incident response and remediation.

OWASP Recommendations for Security Logging and Monitoring

OWASP provides extensive guidance on implementing robust logging and monitoring, including:

  • Log essential forensic details like user IDs, timestamps, IP addresses, request parameters, etc.
  • Synchronize system clocks for accurate forensic analysis.
  • Never log sensitive data like credentials or financial details.
  • Encrypt and protect log files to prevent tampering.
  • Continuously monitor logs with tools like Splunk.
  • Conduct frequent penetration testing to validate controls.
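Three of the recommendations above (record forensic fields with synchronized UTC timestamps, protect logs from tampering, and monitor them continuously) can be demonstrated together. The Python example below is added here as an illustration and is not OWASP's or the post's own code. Each JSON log line carries an HMAC over its own fields and the previous line's HMAC, so editing or deleting an entry breaks verification of everything after it; a small sliding-window rule then scans the same lines for repeated failed logins. The signing key, the five-in-five-minutes threshold, the event names and the sample IPs are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed placeholder key. In production the key lives in a secrets manager
# or HSM reachable only by the logger, never next to the log file itself.
DEMO_KEY = b"example-log-signing-key-replace-me"
GENESIS_MAC = "0" * 64


def _canonical(record: Dict[str, object]) -> str:
    """Stable serialization so the MAC covers exactly the bytes verified later."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _mac(key: bytes, prev_mac: str, record: Dict[str, object]) -> str:
    """HMAC over the previous entry's MAC plus this record, which chains entries together."""
    return hmac.new(key, (prev_mac + "\n" + _canonical(record)).encode(), hashlib.sha256).hexdigest()


def append_entry(lines: List[str], key: bytes, event: str,
                 fields: Dict[str, object], now: datetime) -> str:
    """Append one JSON line whose 'mac' covers the record and the previous line's mac."""
    prev_mac = json.loads(lines[-1])["mac"] if lines else GENESIS_MAC
    record = {"ts": now.astimezone(timezone.utc).isoformat(), "event": event, **fields}
    line = json.dumps({**record, "mac": _mac(key, prev_mac, record)})
    lines.append(line)
    return line


def verify_chain(lines: List[str], key: bytes) -> Optional[int]:
    """Return the index of the first entry that fails verification, or None if intact.
    Each MAC covers its predecessor, so editing or deleting an entry breaks the next one."""
    prev_mac = GENESIS_MAC
    for i, line in enumerate(lines):
        entry = json.loads(line)
        claimed = entry.pop("mac", "")
        if not hmac.compare_digest(_mac(key, prev_mac, entry), claimed):
            return i
        prev_mac = claimed
    return None


def failed_login_alerts(lines: List[str], threshold: int = 5,
                        window: timedelta = timedelta(minutes=5)) -> List[Dict[str, object]]:
    """Minimal monitoring rule: flag a source IP with >= threshold failed logins in a sliding window."""
    recent: Dict[str, List[datetime]] = {}
    alerts: List[Dict[str, object]] = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event") != "login_failed":
            continue
        ip = str(rec.get("src_ip", "unknown"))
        ts = datetime.fromisoformat(rec["ts"])
        times = recent.setdefault(ip, [])
        times.append(ts)
        while times and ts - times[0] > window:   # expire timestamps outside the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.append({"src_ip": ip, "count": len(times), "last_seen": rec["ts"]})
            times.clear()                           # one burst raises one alert
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: six failed logins from one IP ten seconds apart, then one success."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines: List[str] = []
    for i in range(6):
        append_entry(lines, DEMO_KEY, "login_failed",
                     {"user": "alice", "src_ip": "203.0.113.5"}, t0 + timedelta(seconds=10 * i))
    append_entry(lines, DEMO_KEY, "login_success",
                 {"user": "bob", "src_ip": "198.51.100.7"}, t0 + timedelta(minutes=1))
    return lines


def tamper_entry(lines: List[str], index: int) -> List[str]:
    """Copy of the log with one entry's event rewritten, the kind of edit verification must catch."""
    tampered = list(lines)
    entry = json.loads(tampered[index])
    entry["event"] = "login_success"
    tampered[index] = json.dumps(entry)
    return tampered


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log verifies:", verify_chain(log, DEMO_KEY) is None)
    print("first bad entry after edit:", verify_chain(tamper_entry(log, 2), DEMO_KEY))
    print("first bad entry after deletion:", verify_chain(log[:3] + log[4:], DEMO_KEY))
    print("alerts:", failed_login_alerts(log))
```

One caveat a practitioner should keep in mind: a chain like this detects edits and deletions in the middle of the log, but not truncation of the tail, so the latest MAC should be periodically anchored somewhere the logging host cannot alter, such as a separate log collector or a write-once store. Shipping the lines to a central system such as Splunk, as the list above recommends, serves that purpose as well as enabling monitoring.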

The Bottom Line

Robust security logging and monitoring serves as a critical early warning system and the foundation for investigating compromise incidents. No organization can afford logging gaps that give attackers free rein inside its systems. Prioritizing comprehensive activity auditing and log monitoring is imperative for security success.

We hope this post helped you learn about the OWASP Top 10 #9 application security risk, Security Logging and Monitoring Failures. Thanks for reading. Please share this post and help secure the digital world. Visit our website, thesecmaster.com, and our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram, and subscribe to receive updates like this.


About the author

Rajeshwari KA

Rajeshwari KA is a Software Architect who has worked on full-stack development, software design and architecture for small and large-scale mission-critical applications in her 16+ years of experience. You can connect with her on LinkedIn.
