10. Insufficient Logging & Monitoring (OWASP Top 10)

Insufficient Logging & Monitoring

* Potential vulnerabilities exist if:

* Auditable events, such as logins, failed logins, and high-value transactions, are not logged.

* Warnings and errors generate no, inadequate, or unclear log messages.

* Logs of applications and APIs are not monitored for suspicious activity.

* Logs are only stored locally.

* Appropriate alerting thresholds and response escalation processes are not in place or effective.

* Penetration testing and scans by DAST tools (such as OWASP ZAP) are not in place or effective.

* Example scenarios:

* An open source project forum software run by a small team was hacked using a flaw in its software. The attackers managed to wipe out the internal source code repository containing the next version, and all of the forum contents. Although the source could be recovered, the lack of monitoring, logging, or alerting led to a far worse breach. The forum software project is no longer active as a result of the issue.

* An attacker scans user accounts using a common password; they can take over every account that uses it. For all other users, this scan leaves only one failed login behind. After some days, this may be repeated with a different password.
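As an added example (not code from the original note), the following Python script shows why the second scenario goes unnoticed when the only alerting rule is a per-account failure threshold, and how pivoting on the source address and counting distinct usernames that failed within a time window surfaces the spray. The log format, sample lines, addresses, and thresholds are all constructed for this example and do not come from any real system.

```python
"""Detect a low-and-slow password spray from authentication log lines.

Added example, not part of the original note. A per-account lockout rule
never fires on the spray scenario, because every account sees just one
failed login. Grouping failures by source address and counting distinct
usernames within a window does fire. Log format and sample lines are
constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <result> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one client fails once against many accounts and then
# logs in as the one account that used the common password, while a
# legitimate user mistypes a password twice from another address.
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T09:00:03 LOGIN_FAIL user=bob src=203.0.113.7
2024-05-01T09:00:05 LOGIN_FAIL user=carol src=203.0.113.7
2024-05-01T09:00:07 LOGIN_OK user=dave src=203.0.113.7
2024-05-01T09:00:09 LOGIN_FAIL user=erin src=203.0.113.7
2024-05-01T09:00:11 LOGIN_FAIL user=frank src=203.0.113.7
2024-05-01T09:01:00 LOGIN_FAIL user=grace src=198.51.100.2
2024-05-01T09:01:30 LOGIN_FAIL user=grace src=198.51.100.2
2024-05-01T09:02:00 LOGIN_OK user=grace src=198.51.100.2
"""


def parse(lines):
    """Yield (timestamp, result, user, src) tuples; lines that do not match are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def per_account_alerts(events, threshold=3):
    """Classic lockout rule: N failures against one account.

    Returns the accounts that crossed the threshold. Against a spray that
    touches each account once this returns nothing.
    """
    fails = defaultdict(int)
    for _, result, user, _ in events:
        if result == "LOGIN_FAIL":
            fails[user] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)


def spray_alerts(events, window=timedelta(minutes=10), min_users=5):
    """Flag a source that failed against >= min_users distinct accounts within `window`.

    Returns a list of (src, distinct_failed_users, accounts_that_succeeded)
    so the responder sees both the spray and which accounts it got into.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if e[1] == "LOGIN_FAIL"]
        # Sliding window over this source's failures, tracking the largest
        # number of distinct usernames seen inside any single window.
        best, start = 0, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            distinct = len({e[2] for e in fails[start:end + 1]})
            best = max(best, distinct)
        if best >= min_users:
            succeeded = sorted({e[2] for e in evs if e[1] == "LOGIN_OK"})
            alerts.append((src, best, succeeded))
    return alerts


if __name__ == "__main__":
    evs = list(parse(SAMPLE_LOG.splitlines()))
    print("per-account rule:", per_account_alerts(evs))   # []
    print("spray rule:", spray_alerts(evs))                # [('203.0.113.7', 5, ['dave'])]
```

The window and `min_users` values are deliberately tunable: the note's scenario repeats the spray "after some days", so a real deployment would also keep these counters across a longer horizon than ten minutes and would only be possible if the logs are shipped off the host rather than stored locally, where an attacker who gets in can delete them.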
