ReplyGen

Premium
By Richard | Updated 2 months ago | Artificial Intelligence/Machine Learning
Popularity

6.4 / 10

Latency

340ms

Service Level

100%

Health Check

100%


discussion

lrfuselier
2 months ago

I chose “Insufficient Logging & Monitoring”, which refers to the inadequate tracking and examination of web application events that could signal a security breach. The absence of monitoring web applications makes them vulnerable by delaying the detection of malicious and/or suspicious activities, allowing attackers to penetrate the systems unnoticed. And the lack of detailed logs prevents a clear understanding of the breach’s nature and scope, also preventing quick response and accountability. The consequences of this type of exploitation can be severe. For instance, data breaches can lead to significant financial, reputational, and legal damages. Attackers might also establish long-term access to systems, causing persistent threats and operational disruptions. To prevent a risk like this, organizations should implement logging of critical events and real-time monitoring systems that alert on suspicious activities. Regular log audits can help identify unusual patterns or breaches, enhancing and increasing the organization’s ability to defend itself. An incident response plan should also be in place for effective action in the event of a security breach or incident, mitigating potential damages and restoring normal operations promptly.

OWASP. (2023, April 6). A10:2017-Insufficient Logging & Monitoring. https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%26Monitoring
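The mitigation described in the post above (log critical events, alert on suspicious activity), as an added example that is not part of the original post: a sliding-window check for bursts of failed logins over a JSON-lines audit log. The field names (`ts`, `event`, `user`, `src`), the event name `login_failed`, the threshold and the sample log are all assumptions constructed for illustration, and events are assumed to arrive in time order.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (JSON lines); not taken from any real system.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:00", "event": "login_failed", "user": "admin", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:05", "event": "login_ok", "user": "alice", "src": "198.51.100.4"}
{"ts": "2024-05-01T10:00:10", "event": "login_failed", "user": "admin", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:20", "event": "login_failed", "user": "root", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:30", "event": "login_failed", "user": "bob", "src": "198.51.100.4"}
{"ts": "2024-05-01T10:00:40", "event": "login_failed", "user": "admin", "src": "203.0.113.7"}
truncated-line-without-json
{"ts": "2024-05-01T10:00:50", "event": "login_failed", "user": "test", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:05:00", "event": "login_failed", "user": "bob", "src": "198.51.100.4"}
"""

def detect_failed_login_bursts(lines, window=timedelta(seconds=60), threshold=5):
    """Return alerts: one per source reaching `threshold` failures inside `window`,
    plus one per log line that cannot be parsed (a gap in the audit trail)."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    alerted = set()               # sources already reported, to avoid alert floods
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            src = ev["src"]
        except (ValueError, KeyError, TypeError):
            # Damaged or missing records hide activity, so surface them too.
            alerts.append({"type": "unparseable_log_line", "raw": line})
            continue
        if ev.get("event") != "login_failed":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"type": "failed_login_burst", "src": src,
                           "count": len(q), "at": ts.isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in detect_failed_login_bursts(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```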
