https://www.secdev.uk/blog/tags/cwe-778/ Recent content in CWE-778 on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 24 May 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-05-24-logging-failures/ Sat, 24 May 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-05-24-logging-failures/ <p>When I started researching logging failures for this post, I expected to find dramatic exploit chains. Instead, what I found was something more unsettling, the absence of evidence. The most frustrating thing about incident response isn&rsquo;t finding a sophisticated exploit; it&rsquo;s opening the log aggregator and finding nothing. No entries, no breadcrumbs, no evidence that anything happened at all. That&rsquo;s CWE-778 (Insufficient Logging), and it&rsquo;s the backbone of OWASP A09: Security Logging and Monitoring Failures. This isn&rsquo;t a crash or a data leak in the traditional sense; it&rsquo;s the absence of evidence. When your incident response team can&rsquo;t investigate what was never recorded, the attacker wins by default. In this post, I&rsquo;m going to walk through logging failures across Python, Java, and Go, from the obvious missing-log-statement to the subtle cases where logging exists but captures the wrong data, at the wrong level, or silently drops events under load.</p>