- Help Center
- Scanning & Testing
- API Testing
-
Getting Started
-
Platform Overview
-
Scanning & Testing
-
Troubleshooting Asset Blockers
-
Vulnerability Management
-
Attack Surface Management
-
Continuous Threat Exposure Management (CTEM)
-
Integrations
-
Reporting
-
Security Best Practices
-
Advanced Features & Customizations
-
Troubleshooting & FAQs
-
Updates & Announcements
How does Edgescan test for insufficient logging and monitoring on an API?
Edgescan can include insufficient logging and monitoring as part of manual testing.
Version Number: v1.0.1
Published Date: 9 Apr 2024
____________________________________________________________________________
Insufficient logging and monitoring are supported through manual testing as the logging data should be handled in the backend rather than being user-controllable, however insufficient monitoring has slight automation in the detection of logging that is user controllable in which case this can lead to a pollution of misinformation that may be parsed or abused to target an analyst reviewing the logs.
In an ideal world Edgescan should not have access to any data that will present this vulnerability.