SYM_CONF_0097 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insufficient Logging
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-778: Insufficient Logging |
| OWASP | A10:2017 - Insufficient Logging & Monitoring |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The App Service resource in Azure is missing HTTP logging in its configuration. Without HTTP logging enabled, important request and response data will not be recorded for monitoring or troubleshooting.
Impact
If HTTP logs are not collected, it becomes difficult to detect, investigate, or respond to suspicious activity or security incidents. Attack attempts, unauthorized access, or misconfigurations may go unnoticed, putting the application and sensitive data at risk.