Category: OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures
Incomplete
Summary
Weaknesses in this category are related to the A09 category "Security Logging and Monitoring Failures" in the OWASP Top Ten 2021.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-117 | Improper Output Neutralization for Logs | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
| CWE-223 | Omission of Security-relevant Information | The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe. |
| CWE-532 | Insertion of Sensitive Information into Log File | The product writes sensitive information to a log file. |
| CWE-778 | Insufficient Logging | When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it. |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.