SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

L01 Logging Exposure

What this means

SiteShadow flagged log statements that may include secrets, credentials, tokens, or sensitive user data.

Why it matters

Logs are widely accessible; leaked secrets can enable account compromise.

Safer examples

1) Redact secrets before logging

function redact(s) {
  if (!s) return "";
  return s.slice(0, 4) + "…";
}
logger.info("Login attempt user=%s tokenPrefix=%s", userId, redact(token));

2) Don't log full request bodies by default

Especially for auth endpoints, webhooks, and payment flows.

3) Restrict access and retention

Limit who can read logs; set retention based on need; protect log sinks as sensitive systems.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.