Introduction to API09:2019 Improper Assets Management
Insufficient Logging and Monitoring, listed as API10:2019 in the OWASP API Security Top 10, refers to the failure to record, detect, and respond to malicious API activity. Without proper logging, security events like brute force attacks, data theft, or misuse of endpoints can go unnoticed. When monitoring is absent or alerts aren’t triggered, attackers gain more time to exploit vulnerabilities without detection. This also weakens incident response and forensic investigation. To mitigate this risk, APIs should log key events such as failed logins and access violations, integrate with monitoring systems, and ensure alerts lead to timely responses.
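
The mitigation described above, as an added example that is not part of the original page: a sliding-window detector that reads structured API log lines and raises one alert per source when failed logins or access violations pile up. The log field names (`ts`, `src`, `status`), the mapping of HTTP 401/403 to those two event kinds, the thresholds, and the sample data are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed mapping from HTTP status to the event kinds named in the text.
WATCHED = {401: "failed_login", 403: "access_violation"}

def sample_lines():
    """Constructed sample: JSON log lines from a hypothetical API gateway."""
    rows = [("203.0.113.7", "/api/login", 401, s) for s in range(0, 60, 10)]
    rows += [("198.51.100.4", "/api/login", 401, 5), ("198.51.100.4", "/api/orders/17", 200, 8)]
    rows += [("192.0.2.9", "/api/admin/users", 403, s) for s in (0, 90, 180)]
    rows.sort(key=lambda r: r[3])  # logs arrive in time order
    stamp = lambda s: f"2024-05-01T10:{s // 60:02d}:{s % 60:02d}Z"
    return [json.dumps({"ts": stamp(s), "src": ip, "path": p, "status": st})
            for ip, p, st, s in rows] + ["not json"]  # one malformed line

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per (source, kind) that reaches `threshold`
    watched events within a sliding `window`."""
    recent = defaultdict(deque)  # (src, kind) -> timestamps still inside the window
    alerted, alerts = set(), []
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            src, status = ev["src"], int(ev["status"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed entry; a production pipeline should count these too
        kind = WATCHED.get(status)
        if kind is None:
            continue  # not a security-relevant status in this example
        key = (src, kind)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)  # alert once per key to avoid flooding responders
            alerts.append({"src": src, "kind": kind, "count": len(q), "at": ev["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_lines()):
        print(alert)
```

In practice the returned alerts would be forwarded to the monitoring or paging system so that each one leads to a response.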