ASVS Requirement 16.2.5
- Level: 2
- Chapter: V16 Security Logging and Error Handling
- Section: V16.2 General Logging
- Source: 0x25-V16-Security-Logging-and-Error-Handling.md
Description
Verify that when logging sensitive data, the application enforces logging based on the data's protection level. For example, it may not be allowed to log certain data, such as credentials or payment details. Other data, such as session tokens, may only be logged by being hashed or masked, either in full or partially.
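One way to enforce this with Python's standard `logging` module, as an added example that is not part of the ASVS text. The field names, their protection-level assignments, the HMAC key, and the choice to redact unclassified fields are assumptions of the example.

```python
import hashlib
import hmac
import json
import logging

# Assumed protection level per field; a real application defines its own.
PUBLIC, MASKED, HASHED, PROHIBITED = "public", "masked", "hashed", "prohibited"
POLICY = {
    "user_id": PUBLIC, "action": PUBLIC,
    "email": MASKED,
    "session_token": HASHED,
    "password": PROHIBITED, "card_number": PROHIBITED,
}
HASH_KEY = b"constructed-example-key"  # placeholder; load from a secret store

def mask(text: str) -> str:
    # Short values are hidden entirely so the visible tail cannot reveal them.
    return "*" * (len(text) - 4) + text[-4:] if len(text) > 8 else "****"

def sanitize(event: dict) -> dict:
    """Return a copy of event that is safe to log under POLICY."""
    out = {}
    for name, value in event.items():
        level = POLICY.get(name, PROHIBITED)  # unclassified fields fail closed
        if level == PUBLIC:
            out[name] = value
        elif level == MASKED:
            out[name] = mask(str(value))
        elif level == HASHED:  # keyed hash: entries can be correlated, not replayed
            mac = hmac.new(HASH_KEY, str(value).encode(), hashlib.sha256)
            out[name] = "hmac-sha256:" + mac.hexdigest()[:16]
        else:
            out[name] = "[REDACTED]"
    return out

class ProtectionLevelFilter(logging.Filter):
    """Sanitize the dict passed as extra={"event": ...} before it is emitted."""
    def filter(self, record: logging.LogRecord) -> bool:
        event = getattr(record, "event", None)
        if isinstance(event, dict):
            safe = json.dumps(sanitize(event), sort_keys=True, default=str)
            record.msg, record.args = f"{record.getMessage()} {safe}", None
            record.event = None  # drop the raw values from the record
        return True

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(ProtectionLevelFilter())  # root handler: covers propagated records
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    logging.getLogger("auth").info("login", extra={"event": {"user_id": 42, "password": "constructed"}})
```

The filter only protects fields passed through `extra={"event": ...}`; sensitive values interpolated directly into the message string bypass it.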