logging


Security Logging and Monitoring Failures (A09:2021)

Analyze source code for security logging and monitoring failures including missing audit logging for security events, sensitive data in logs, log injection, absence of alerting on failures, logs only stored locally, and missing tamper protection.

This is the most architectural OWASP category. Scanners provide minimal coverage for logging failures, so Claude's analysis of code patterns, logging configuration, and event coverage is the primary value of this skill.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

  • --scope determines which files to analyze (default: changed)
  • --depth standard reads code and checks logging around security-critical operations
  • --depth deep traces security event flows to verify each produces an audit log entry
  • --severity filters output (logging gaps are often medium, sensitive data in logs is high)

First Seen: Feb 28, 2026