Insufficient Logging and Monitoring

Vulnerability Details

Severity: Low

Category: other

Description

The application lacks comprehensive logging of security-relevant events and does not have adequate monitoring or alerting mechanisms.

Risks

Security incidents may go undetected, delaying response times and increasing potential damage. Forensic investigation becomes difficult without proper logs.

Remediation

Implement logging for authentication events, access control failures, input validation failures, and application errors. Centralize logs and implement real-time alerting. Ensure logs are tamper-proof.
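One way to make such logs tamper-evident, shown as an added example that is not part of the original entry: each security event is written as a structured record whose HMAC also covers the previous record's MAC, so editing or removing a record breaks the chain at that position. The function names, field names, key, and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Event categories named in the remediation text.
CATEGORIES = {"authentication", "access_control", "input_validation", "application_error"}
GENESIS = "0" * 64  # chain value that precedes the first record


def _mac(key: bytes, prev: str, body: dict) -> str:
    # Canonical JSON so the same record always yields the same MAC.
    payload = prev + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def append_event(log: list, key: bytes, ts: str, category: str, outcome: str, **detail) -> dict:
    """Append one security event, chained to the previous record's MAC."""
    if category not in CATEGORIES:
        raise ValueError(f"unknown category: {category}")
    body = {"seq": len(log), "ts": ts, "category": category, "outcome": outcome, "detail": detail}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "mac": _mac(key, prev, body)})
    return log[-1]


def first_bad_record(log: list, key: bytes):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "mac"}
        expected = _mac(key, prev, body)
        stored = str(record.get("mac")).encode("utf-8")
        if body.get("seq") != i or not hmac.compare_digest(stored, expected.encode("utf-8")):
            return i
        prev = record["mac"]
    return None


def build_sample_log(key: bytes) -> list:
    # Constructed sample events, one per category from the remediation text.
    log = []
    append_event(log, key, "2024-01-01T10:00:00Z", "authentication", "failure", user="alice", src="192.0.2.10")
    append_event(log, key, "2024-01-01T10:00:05Z", "access_control", "denied", user="alice", resource="/admin")
    append_event(log, key, "2024-01-01T10:00:09Z", "input_validation", "rejected", field="email")
    append_event(log, key, "2024-01-01T10:00:12Z", "application_error", "error", status=500)
    return log
```

The chain alone does not reveal records removed from the end of the log; detecting that requires the latest MAC or record count to be held somewhere the application host cannot rewrite, such as the central log store. The MAC key must likewise be kept outside the reach of the process whose logs it protects.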