TLDR: Misconfigured log storage can lead to data leakage, unauthorized access, and regulatory compliance issues. These vulnerabilities arise from improper encryption, lack of access controls, excessive retention periods, and insecure configurations, violating several OWASP Top Ten principles, including secure Logging, Access Controls, and Data Encryption.
https://owasp.org/www-community/Logging_and_Monitoring_Cheat_Sheet
Failing to encrypt log files stored at rest increases the risk of data leakage if the storage system is compromised. Logs often contain sensitive information, such as IP addresses, user activity, or API tokens. Encrypting logs both at rest and in transit aligns with OWASP Top Ten's Data Encryption principles.
https://owasp.org/www-community/Data_Encryption
Improper access controls on log storage locations can allow unauthorized users to view or modify sensitive data. For instance, logs stored in shared directories without role-based access can expose information to unintended users. Implementing strict access policies ensures compliance with OWASP Top Ten's Access Management standards.
https://owasp.org/www-community/Access_Control
Neglecting to redact or mask sensitive information, such as credentials or personal data, in logs can result in regulatory non-compliance and increased exposure during breaches. Adopting secure Logging practices, such as masking or hashing sensitive fields, ensures alignment with OWASP Top Ten guidelines.
https://owasp.org/www-community/OWASP_Proactive_Controls
Over-retaining log files can increase the exposure window for attackers and make compliance with data minimization regulations difficult. Implementing tailored log retention policies based on business and regulatory needs adheres to OWASP Top Ten's data handling recommendations.
https://owasp.org/www-community/Logging_and_Monitoring_Cheat_Sheet
Logging unvalidated inputs, such as user-provided data, without sanitization can introduce code injection vulnerabilities or make logs difficult to analyze. Applying input validation before logging ensures compliance with OWASP Top Ten's secure Input Validation practices.
https://owasp.org/www-community/Input_Validation
Failing to monitor log storage for anomalies, such as unexpected access or modification, undermines its effectiveness as a security measure. Integrating log monitoring tools with SIEM systems ensures alignment with OWASP Top Ten recommendations for proactive monitoring.
https://owasp.org/www-community/OWASP_API_Security_Project
Inadequate backups or lack of redundancy for log storage can result in loss of critical data needed for forensic investigations. Ensuring secure and redundant storage for logs adheres to OWASP Top Ten's focus on operational resilience.
https://owasp.org/www-project-logging/
Improper handling of logs generated across environments, such as development and production, can lead to accidental exposure of debug information in production. Adopting environment-specific log configurations ensures compliance with OWASP Top Ten operational best practices.
https://owasp.org/www-community/Framework_Security_Project
Failing to implement size and rate-limiting for logs can lead to denial of service attacks or resource exhaustion. Enforcing quotas and rate-limiting log storage aligns with OWASP Top Ten's resource management principles.
https://owasp.org/www-community/Denial_of_Service
Finally, not securely deleting logs after their retention period can expose sensitive information during breaches or audits. Implementing secure data destruction practices ensures adherence to OWASP Top Ten's focus on data lifecycle management.