Auditing and logging-related vulnerabilities are part of the OWASP Top 10 2017. They are covered under A10:2017 Insufficient Logging and Monitoring. Some of the vulnerabilities listed under this category are as follows:
- The application doesn't log events such as logins, failed logins, and high-value transactions
- The warnings and errors that the application generates are inadequate
- Applications and API logs aren't regularly monitored for suspicious activity
- No backup strategy is defined for application logs
- The application is not able to detect, escalate, or alert on active attacks in real time or near real time
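
The following added example (not part of the original text) shows what closing these gaps can look like: audit events for logins, failed logins, and high-value transactions are scanned as they arrive, and alerts are raised and escalated. The JSON field names, thresholds, alert names, and sample log lines are assumptions constructed for this example.

```python
import json
from collections import defaultdict, deque
# Constructed sample audit log, one JSON event per line. The field names
# (ts, event, user, src, amount) are assumptions made for this example.
SAMPLE_LOG = """\
{"ts": 100, "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
{"ts": 110, "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
{"ts": 115, "event": "login", "user": "bob", "src": "198.51.100.4"}
{"ts": 120, "event": "login_failed", "user": "alice", "src": "203.0.113.7"}
this line is not valid JSON
{"ts": 130, "event": "login", "user": "alice", "src": "203.0.113.7"}
{"ts": 150, "event": "high_value_txn", "user": "alice", "amount": 25000, "src": "203.0.113.7"}
{"ts": 900, "event": "login_failed", "user": "bob", "src": "198.51.100.4"}
"""

def detect(lines, window=60, max_fails=3, watch=300):
    """Scan audit events in time order and return a list of alert tuples."""
    fails = defaultdict(deque)  # src -> timestamps of recent failed logins
    flagged = {}                # src -> time of its last failed-login burst
    suspect = {}                # user -> time of a login that followed a burst
    alerts = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
            ts, kind, user, src = int(ev["ts"]), ev["event"], ev["user"], ev["src"]
        except (ValueError, KeyError, TypeError):
            alerts.append(("unparseable_line", n))  # a broken log line is a finding too
            continue
        if kind == "login_failed":
            q = fails[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= max_fails:
                alerts.append(("failed_login_burst", src, ts))
                flagged[src] = ts
                q.clear()
        elif kind == "login" and src in flagged and ts - flagged[src] <= watch:
            # Success right after a burst from the same source: escalate.
            alerts.append(("login_after_burst", user, src, ts))
            suspect[user] = ts
        elif kind == "high_value_txn" and user in suspect and ts - suspect[user] <= watch:
            alerts.append(("txn_by_suspect_session", user, ev.get("amount"), ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

In a real deployment the same logic would consume events from the log pipeline as they are written, and the alerts would go to whoever is on call rather than to standard output.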