Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › OWASP recommends LOGGING and MONITORING for the …

OWASP recommends LOGGING and MONITORING for the SECURITY LIFECYCLE because

Ato make user-facing websites slower
Blogs help spot and respond to breaches
Clogs save disk space and money
Dlogs improve SEO and reach users
Answer & Solution
Correct answer: B. logs help spot and respond to breaches
1. OWASP A09 (2021): Security LOGGING and Monitoring Failures. 2. WITHOUT proper logging: attackers can dwell in systems for MONTHS undetected. Industry data: average breach detection time is 200+ days. 3. WHAT TO LOG: authentication attempts (success+failure), authorisation failures, input validation failures, high-value transactions. 4. WHAT TO MONITOR: log volume anomalies, repeated 401/403 from same IP, unusual access patterns, lateral movement. 5. DON'T LOG: secrets, passwords, full credit card numbers, PII without justification. 6. Send logs to a SECURED, REMOTE log aggregator (so an attacker who compromises a host can't delete evidence). _Source: OWASP Top 10 2021 — A09: Security Logging and Monitoring Failures._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions