A09: Security Logging and Monitoring Failures
Simulating how insufficient logging makes it impossible to diagnose a critical production issue.
Interactive Simulation: The Silent Failure
A customer's fund transfer fails for an unknown reason. As an engineer, you must use the logs to find out why.
How to Simulate
- With logging disabled, attempt the funds transfer. The customer sees a generic error, but the **Administrator Event Log** is empty, leaving the engineering team blind.
- Enable 'Full Event Logging'.
- Attempt the transfer again. The customer still sees the error, but this time the logs give the administrative team a clear trace, revealing that a currency mismatch is the root cause.
Explanation
Without sufficient logging and monitoring, it's difficult, if not impossible, to detect malicious activity or perform a forensic analysis after a breach has occurred. However, logging is also critical for simple diagnostics.
In this scenario, a subtle bug (a currency mismatch) causes a critical transaction to fail. Without logging, an administrator has no visibility into why. With full logging, the issue is immediately identifiable, saving time and preventing customer frustration.
Toggle Defense
When enabled, critical events like transactions are logged with sufficient context to allow for robust auditing and diagnostics.
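The difference the toggle makes, as an added example that is not the simulation's own code: a Python sketch in which the account records, the `transfer` function and the `simulate` helper are all constructed for illustration. The customer receives the same generic error either way; only the audit log reveals the currency mismatch.

```python
import io
import json
import logging
from datetime import datetime, timezone

class TransferError(Exception):
    """Generic failure shown to the customer; carries no internal detail."""

def make_audit_logger(stream, enabled):
    # Hypothetical helper: 'enabled' models the "Full Event Logging" toggle.
    logger = logging.getLogger("bank.audit")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(logging.StreamHandler(stream))
    logger.disabled = not enabled
    return logger

def transfer(logger, txn_id, src, dst, amount, currency):
    # Context an administrator needs: who, what, when, and the outcome.
    event = {"ts": datetime.now(timezone.utc).isoformat(), "event": "transfer",
             "txn_id": txn_id, "from": src["id"], "to": dst["id"],
             "amount": amount, "currency": currency}
    if currency != dst["currency"]:
        # The root cause goes to the audit log, never to the customer.
        logger.error(json.dumps({**event, "outcome": "rejected",
                                 "reason": "currency_mismatch",
                                 "expected_currency": dst["currency"]}))
        raise TransferError("Transfer failed. Please try again later.")
    logger.info(json.dumps({**event, "outcome": "completed"}))
    return True

def simulate(enabled):
    """Run one failing transfer; return (customer message, parsed log entries)."""
    stream = io.StringIO()
    logger = make_audit_logger(stream, enabled)
    src = {"id": "ACC-1001", "currency": "USD"}  # constructed sample accounts
    dst = {"id": "ACC-2002", "currency": "EUR"}
    try:
        transfer(logger, "TXN-0001", src, dst, 250, "USD")
        message = "Transfer complete."
    except TransferError as exc:
        message = str(exc)
    return message, [json.loads(line) for line in stream.getvalue().splitlines()]

if __name__ == "__main__":
    for enabled in (False, True):
        print(enabled, simulate(enabled))
```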