Auditing and logging-related vulnerabilities are part of the OWASP Top 10 2017. They are covered under A10:2017 Insufficient Logging and Monitoring. Some of the vulnerabilities listed under this category are as follows:

• The application doesn't log events such as logins, failed logins, and high-value transactions
• The application generates warnings and errors, which are inadequate
• Applications and API logs aren't regularly monitored for suspicious activity
• No backup strategy defined for application logs
• The application is not able to detect, escalate, or alert active attacks in real time or near real time