API10:2019 — Insufficient logging and monitoring

Lack of proper logging, monitoring, and alerting allows attacks and attackers go unnoticed.

Proper logging, monitoring, and alerting provides the visibility to what is going on with your API.

Use case

  • Logs are not protected for integrity.
  • Logs are not integrated into Security Information and Event Management (SIEM) systems.
  • Logs and alerts are poorly designed.
  • Companies rely on manual rather than automated systems.

How to prevent

  • Log failed attempts, denied access, input validation failures, or any failures in security policy checks.
  • Ensure that logs are formatted so that other tools can consume them as well.
  • Protect logs like highly sensitive information.
  • Include enough detail to identify attackers.
  • Avoid having sensitive data in logs — if you need the information for debugging purposes, redact it partially.
  • Integrate with SIEMs and other dashboards, monitoring, and alerting tools.