Log Processing
V7.2.1
Verify that all authentication decisions are logged, without storing sensitive session tokens or passwords. This should include requests with relevant metadata needed for security investigations.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 778
V7.2.2
Verify that all access control decisions can be logged and all failed decisions are logged. This should include requests with relevant metadata needed for security investigations.
Level 1 required: False
Level 2 required: True
Level 3 required: True
CWE: 285
Disclaimer:
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
