Security Logging Failures
Missing or insufficient logging of security events like failed logins, access violations, and data changes makes it impossible to detect and respond to attacks.
How It Works
Without proper security logging, attacks go undetected. If you don't log failed login attempts, you can't detect brute force attacks. If you don't log authorization failures, you can't spot privilege escalation attempts. If you don't monitor these logs with alerting, even having them is useless. Most breaches are discovered months after the initial compromise — proper logging reduces this detection time dramatically.
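Without security logging:

```javascript
// `app`, `authenticate` and `createToken` are defined elsewhere in the application.
app.post('/api/login', async (req, res) => {
  const user = await authenticate(req.body);
  if (!user) {
    // The failed attempt is rejected but never recorded.
    return res.status(401).json({ error: 'Invalid' });
  }
  res.json({ token: createToken(user) });
});
```

With security logging:

```javascript
// `logger` is the application's structured logger, defined elsewhere.
app.post('/api/login', async (req, res) => {
  const user = await authenticate(req.body);
  if (!user) {
    // Record who was targeted and where the attempt came from.
    logger.warn('login_failed', {
      email: req.body.email, ip: req.ip
    });
    return res.status(401).json({ error: 'Invalid' });
  }
  logger.info('login_success', { userId: user.id });
  res.json({ token: createToken(user) });
});
```

Real-World Example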
The 2013 Target breach went undetected for weeks because security alerts were ignored or insufficient. Attackers had access for over 2 weeks, stealing 40 million credit card numbers. Better logging and monitoring would have caught the intrusion faster.
How to Prevent It
- Log all authentication events (success and failure)
- Log authorization failures and suspicious activity
- Set up real-time alerting on security events
- Use structured logging with tools like Sentry or Datadog
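One way to turn the `login_failed` events from the handler above into an alert, as an added example that is not code from the original page: a sliding-window check that flags a source IP (or a targeted email) once failures cross a threshold, with a cooldown so one burst raises one alert. The `ts` field, the name `detectLoginAbuse`, the thresholds and the sample events are assumptions constructed for illustration.

```javascript
// Constructed sample events, shaped like the handler's log calls
// (event name + { email, ip }); the `ts` timestamp field is an assumption.
const SAMPLE_EVENTS = [
  { ts: '2024-05-01T10:00:00Z', event: 'login_failed', email: 'alice@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:00:05Z', event: 'login_failed', email: 'bob@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:00:09Z', event: 'login_failed', email: 'carol@example.com', ip: '198.51.100.4' },
  { ts: '2024-05-01T10:00:12Z', event: 'login_failed', email: 'alice@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:00:20Z', event: 'login_success', userId: 42 },
  { ts: '2024-05-01T10:00:31Z', event: 'login_failed', email: 'dave@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:00:40Z', event: 'login_failed', email: 'erin@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:00:45Z', event: 'login_failed', email: 'alice@example.com', ip: '203.0.113.7' },
  { ts: '2024-05-01T10:05:00Z', event: 'login_failed', email: 'carol@example.com', ip: '198.51.100.4' },
];

// Alert when one key (source IP by default, or targeted email) accumulates
// `threshold` failures inside `windowMs`. Malformed events are skipped.
function detectLoginAbuse(events, { keyBy = 'ip', threshold = 5, windowMs = 60000 } = {}) {
  const recent = new Map();    // key -> failures still inside the window
  const lastAlert = new Map(); // key -> time of last alert (cooldown)
  const alerts = [];
  const failures = events
    .filter((e) => e.event === 'login_failed' && e[keyBy] && !Number.isNaN(Date.parse(e.ts)))
    .map((e) => ({ ...e, t: Date.parse(e.ts) }))
    .sort((a, b) => a.t - b.t);
  for (const f of failures) {
    const key = f[keyBy];
    const inWindow = (recent.get(key) || []).filter((p) => f.t - p.t < windowMs);
    inWindow.push(f);
    recent.set(key, inWindow);
    const cooling = lastAlert.has(key) && f.t - lastAlert.get(key) < windowMs;
    if (inWindow.length >= threshold && !cooling) {
      lastAlert.set(key, f.t);
      alerts.push({
        rule: `login_failed_burst_by_${keyBy}`,
        key,
        failures: inWindow.length,
        // Many emails from one IP suggests spraying; many IPs on one email, a distributed attempt.
        distinctEmails: new Set(inWindow.map((p) => p.email)).size,
        distinctIps: new Set(inWindow.map((p) => p.ip)).size,
        firstSeen: new Date(inWindow[0].t).toISOString(),
        lastSeen: new Date(f.t).toISOString(),
      });
    }
  }
  return alerts;
}

console.log(detectLoginAbuse(SAMPLE_EVENTS));
```

Running the same function with `{ keyBy: 'email', threshold: 3 }` flags accounts that are being targeted regardless of source address.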
Related Vulnerabilities
Broken Access Control (severity: high)
Users can act outside their intended permissions, accessing other users' data or admin functionality without proper authorization checks.
Cryptographic Failures (severity: high)
Sensitive data is exposed due to weak or missing encryption — using outdated algorithms like MD5/SHA1, storing passwords in plaintext, or transmitting data without TLS.
Supply Chain Failures (severity: medium)
Your application inherits vulnerabilities from third-party dependencies — outdated packages with known CVEs that attackers actively exploit.
Security Misconfiguration (severity: medium)
Default configurations, open CORS policies, debug mode in production, or verbose error messages expose your application to attackers.