Introduction to API10:2019 Insufficient Logging & Monitoring
Insufficient Logging and Monitoring, listed as API10:2019 in the OWASP API Security Top 10, refers to the lack of proper mechanisms to detect, record, and respond to malicious activity targeting APIs. Without adequate logging, attacks such as brute force attempts, abuse of API functionality, or data exfiltration can go unnoticed. Monitoring failures mean alerts aren’t triggered, or aren’t acted on quickly, allowing attackers to operate without detection. This also hinders incident response and forensic investigations. To address this risk, APIs should log security-relevant events and be integrated with monitoring systems that enable real-time detection and response.
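The following is an added example, not part of the original page: a minimal detection rule that reads structured API security events and raises one alert per client that exceeds a failed-login threshold inside a sliding time window. The event schema (ts, event, client_ip, user, path), the event names, the threshold of 5 failures in 60 seconds and the sample log lines are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _event(ts, event, ip, user):
    # Hypothetical event schema; real field names depend on your API's logger.
    return json.dumps({"ts": ts, "event": event, "client_ip": ip,
                       "user": user, "path": "/api/v1/login"})


# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    _event(f"2024-01-01T10:00:{s:02d}+00:00", "auth_failure", "203.0.113.7", "alice")
    for s in range(0, 30, 5)          # six failures, five seconds apart
] + [
    _event("2024-01-01T10:00:12+00:00", "auth_success", "198.51.100.4", "bob"),
    _event("2024-01-01T10:01:00+00:00", "auth_failure", "198.51.100.4", "bob"),
    "not-json garbage line",          # malformed record must not stop detection
    _event("2024-01-01T10:11:00+00:00", "auth_failure", "198.51.100.4", "bob"),
]


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per client with >= threshold auth failures within window.

    Assumes each client's events arrive in time order.
    """
    recent = defaultdict(deque)       # client_ip -> timestamps of recent failures
    alerted, alerts = set(), []
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            ip = ev["client_ip"]
        except (ValueError, KeyError, TypeError):
            continue                  # a real pipeline would also count these
        if ev.get("event") != "auth_failure":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"client_ip": ip, "failures": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts
```

The rule only works if the API emits an event for every failed authentication in the first place. Without that record there is nothing for monitoring to alert on.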