How does Edgescan test for insufficient logging and monitoring on an API?

Edgescan can include insufficient logging and monitoring as part of manual testing.

Version Number: v1.0.1

Published Date: 9 Apr 2024

____________________________________________________________________________

Insufficient logging and monitoring is covered through manual testing, because logging data should be handled in the backend rather than being user-controllable. Insufficient monitoring does, however, have slight automation in the detection of logging that is user-controllable. Where logging is user-controllable, the logs can be polluted with misinformation that may be parsed or abused to target an analyst reviewing them.
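On the backend, the log pollution described above can be blunted by escaping control characters in user-controlled values before they are written to the log. The following is an added illustration, not Edgescan's code or test method; the logger name, the `NeutralizeArgs` filter and the sample inputs are constructed for the example.

```python
import io
import logging
import re

# C0/C1 control characters (CR, LF, ESC, ...) plus Unicode line/paragraph separators.
_UNSAFE = re.compile("[\x00-\x1f\x7f-\x9f\u2028\u2029]")

def _escape(match):
    code = ord(match.group())
    return "\\x%02x" % code if code < 0x100 else "\\u%04x" % code

def neutralize(value):
    """Make control characters visible so one event stays on one log line."""
    return _UNSAFE.sub(_escape, value)

class NeutralizeArgs(logging.Filter):
    """Escape string arguments before they are merged into the message.

    Assumes the message template is a constant and only the arguments
    carry user-controlled data.
    """
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: self._clean(v) for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(self._clean(v) for v in record.args)
        return True

    @staticmethod
    def _clean(value):
        return neutralize(value) if isinstance(value, str) else value

def render(username):
    """Log one failed login for `username` and return the text written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("api.auth.demo")  # hypothetical logger name
    logger.addHandler(handler)
    logger.addFilter(NeutralizeArgs())
    logger.warning("login failed user=%s", username)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed inputs: a forged second log entry, and a terminal escape
    # sequence aimed at whoever views the log in a console.
    print(render("alice\nINFO login ok user=admin"), end="")
    print(render("bob\x1b[2J"), end="")
```
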

In an ideal world, Edgescan should not have access to any data that would present this vulnerability.