rspec/rules/S5757/description.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00


Log management is an important topic, especially for the security of a web application: it ensures that user activity, including that of potential attackers, is recorded and available for an analyst to understand what happened on the web application in case of malicious activity.
Retention of specific logs for a defined period of time is often necessary to comply with regulations such as GDPR, https://www.pcisecuritystandards.org/documents/Effective-Daily-Log-Monitoring-Guidance.pdf[PCI DSS] and others. However, to protect users' privacy, certain information is forbidden or strongly discouraged from being logged, such as user passwords or credit card numbers, which should not be stored, or at least not in clear text.