OWASP TOP 10 / A09:2021

Security Logging and Monitoring Failures

Insufficient logging, monitoring, and alerting that lets breaches go undetected.

Without adequate logging and active monitoring, attacks succeed unnoticed — the average breach dwell time is measured in months. This category covers missing logs, unmonitored events, and unclear incident-response triggers.

You can’t respond to what you can’t see; detection is as important as prevention.

How to prevent it

Log security-relevant events, centralize in a SIEM, alert on suspicious activity, and test incident-response plans.

Mapped weaknesses (CWE)

CWE-778 CWE-117 CWE-223 CWE-532

Free tools to test for it

IOC Extractor →

Part of the OWASP Top 10 reference. See also the CWE weaknesses and Web Security hub.

Security Logging and Monitoring Failures

Mapped weaknesses (CWE)

Free tools to test for it

Related terms