LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is A09 Security Logging and Monitoring Failures?

You can't respond to an attack you can't see — without adequate logging, alerting, and tamper-resistant storage, breaches go undetected for months and you have no trail to investigate them.

This is the "meta" risk: it doesn't cause a breach by itself, it lets every other breach succeed quietly. Concrete scenario: an attacker brute-forces logins for a week. With proper logging and alerting, the spike in failed attempts trips an alert on day one. With A09 failures, there's no alert and no usable log, so the first sign of trouble is a customer noticing their account drained. Industry breach reports repeatedly show median detection times measured in months — that gap is exactly what good monitoring closes. (Logs must also be centralized and integrity-protected, or an attacker simply deletes them on the way out.)

Issues:

  • Insufficient logs - not enough detail
  • No monitoring & alerting - attacks go unnoticed
  • Local storage only - easily tampered with
  • Missing integrity checks - logs can be modified

Countermeasures:

  • Audit trail for all security events
  • Integrity and proper encoding of log data
  • Centralized logs in normalized format
  • Effective monitoring and alerting systems
  • Incident response and recovery plan

See: OWASP Logging Cheat Sheet | OWASP AppSensor — application-layer intrusion detection

Go deeper:

From Quiz: SPRG / OWASP Top 10 | Updated: Jul 05, 2026