Vulnerability Discussion
The API Gateway must generate audit records when successful or unsuccessful attempts to access privileges occur to ensure security, accountability, and compliance. By logging these events, the gateway can track and monitor who is trying to access sensitive or restricted resources, helping to detect potential unauthorized access attempts or malicious activity. Successful access logs provide a record of legitimate users or services that have been granted the appropriate permissions, while unsuccessful access attempts highlight potential security threats, such as brute-force attacks, credential stuffing, or unauthorized users attempting to bypass access controls. These audit records enable quick identification of suspicious patterns, making it easier to respond to potential breaches or policy violations in real time.

Check
If an API Gateway is not in use, this is Not Applicable.
Verify both successful and unsuccessful attempts to access privileges are configured to be logged. This may include user identity, timestamps, access attempts, and outcomes (success or failure).
Perform various test cases to simulate both successful and unsuccessful access.
After performing the test scenarios, access the logs generated by the API Gateway (or the centralized logging system) and check for entries related to authentication and authorization.
Cross-check the actual logging behavior with the organization’s auditing and security policies to verify the API Gateway meets required standards for logging successful and unsuccessful access attempts.
If the API Gateway does not generate audit records when successful/unsuccessful attempts to access privileges occur, this is a finding.

Fix
Build or configure the API Gateway to enable logging successful/unsuccessful attempts to access privileges.
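The Check procedure above asks the reviewer to run success and failure test cases and then confirm that the gateway's log contains entries for both outcomes, carrying identity, timestamp and result. The script below is an added example (not part of this requirement text and not any gateway product's own tooling) that automates that inspection over exported log lines. It assumes a hypothetical one-JSON-object-per-line format with fields `ts`, `user`, `path`, `action` and `outcome`; the sample lines are constructed to stand in for what a gateway might emit after the test scenarios were run.

```python
"""Audit-record coverage check for API gateway privilege-access logs.

Assumption (hypothetical, not a real product's schema): each log line is a
JSON object with at least 'ts', 'user', 'path', 'action' and 'outcome',
where action is 'authn' or 'authz' and outcome is 'success' or 'failure'.
"""
import json
from collections import Counter

REQUIRED_FIELDS = ("ts", "user", "path", "action", "outcome")
PRIVILEGE_ACTIONS = ("authn", "authz")

# Constructed sample output: one success, two failures, and one record that
# is missing the user identity the Check procedure expects to see.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:01Z", "user": "svc-billing", "path": "/admin/keys", "action": "authz", "outcome": "success"}
{"ts": "2024-05-01T10:00:02Z", "user": "alice", "path": "/admin/keys", "action": "authz", "outcome": "failure", "reason": "missing role admin"}
{"ts": "2024-05-01T10:00:03Z", "user": "unknown", "path": "/admin/keys", "action": "authn", "outcome": "failure", "reason": "invalid token"}
{"ts": "2024-05-01T10:00:04Z", "path": "/admin/keys", "action": "authz", "outcome": "success"}
"""


def parse_records(text):
    """Parse log lines; return (complete_records, incomplete) where incomplete
    lists (line_number, missing_fields) for lines that cannot be used as
    audit evidence (unparseable JSON or missing required fields)."""
    records, incomplete = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            incomplete.append((lineno, ["unparseable"]))
            continue
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            incomplete.append((lineno, missing))
            continue
        records.append(rec)
    return records, incomplete


def audit_coverage(records):
    """Count success/failure outcomes for privilege-access events and report
    whether both kinds were actually recorded."""
    outcomes = Counter(
        r["outcome"] for r in records if r["action"] in PRIVILEGE_ACTIONS
    )
    success = outcomes.get("success", 0)
    failure = outcomes.get("failure", 0)
    return {
        "success": success,
        "failure": failure,
        "both_logged": success > 0 and failure > 0,
    }


def check_finding(text):
    """Apply the Check logic: it is a finding if the log does not show both
    successful and unsuccessful privilege-access attempts. Incomplete
    records are reported separately for the reviewer to assess."""
    records, incomplete = parse_records(text)
    coverage = audit_coverage(records)
    return {
        "finding": not coverage["both_logged"],
        "coverage": coverage,
        "incomplete": incomplete,
    }


if __name__ == "__main__":
    report = check_finding(SAMPLE_LOG)
    print("finding:", report["finding"])
    print("coverage:", report["coverage"])
    for lineno, missing in report["incomplete"]:
        print(f"line {lineno}: missing {', '.join(missing)}")
```

In practice the reviewer would feed the script the log export taken after the test scenarios were executed (`check_finding(open(path).read())`), and treat a non-empty `incomplete` list as a prompt to compare the gateway's log schema against the organization's auditing policy, since records without identity or timestamp do not support accountability even when the outcome was logged.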