Day 13: OWASP Top 10 2021 – #9 Security Logging and Monitoring Failures
Security Monitoring and Logging were formerly known as Insufficient Logging and Monitoring It has moved up to the ninth position to be listed in the OWASP Top 10. This category includes mistakes made in the detection, escalation, and reaction to active breaches. Without logging and monitoring, breaches cannot be found. If your website doesn’t have a solid logging and monitoring mechanism in place, a compromise could become much worse.
Impact of Security Logging and Monitoring Failures
Your application is vulnerable to attacks that target any layer of the application stack if there is insufficient logging, monitoring, or reporting. For instance, failing to record, monitor, or report security events may lead to the following attack types:
- Code injection
- Buffer overflow
- Command injection
- Cross-site scripting (XSS)
Remedy to Security Logging and Monitoring Failures
- Logs should be synced and backed up. After infiltrating the server, the cybercriminal shouldn’t be able to delete all the logs, preventing any forensics. The foundation of any forensic inquiry is the reliability of the log gathering system.
- Make sure all private acts are recorded. This would include password changes, high-value transactions, and logins, among other things. This is useful for further hack investigation.
- Automate and routinely inspect the most important logs. Systems should be in place that notify you when a specific warning is triggered or when a predetermined warning level is reached so that you can take the appropriate action.
Utilize readily available auditing and logging tools to quickly spot unauthorized access attempts and suspicious activities. Logging and monitoring provide vital tools for pinpointing the source and path of an attack as well as for working out how security rules and controls could be tightened to thwart intrusions, even if a detected effort is unsuccessful.
CWEs List for Security Logging and Monitoring Failures
References To Get More Understanding of Security Logging and Monitoring Failures
This will be all for the Day 13 post. Hope you enjoyed it, kindly let me know in the comments section. Be sure to check out other blog posts of interest or come back tomorrow for the next day’s post.