Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Medium |
Description
The AWS RDS database instance is not configured to export logs to CloudWatch. Without logging enabled, important database events and activities are not recorded for monitoring or auditing.
Impact
If logs are missing, it becomes difficult to detect suspicious activity, troubleshoot issues, or meet compliance requirements. Attackers or malicious insiders could perform unauthorized actions without leaving an audit trail, increasing the risk of unnoticed data breaches or operational problems.
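One way to check for the condition described above is to audit JSON shaped like the output of `aws rds describe-db-instances` and flag instances whose `EnabledCloudwatchLogsExports` list is empty or incomplete. This is an added example, not part of the original rule or its scanner; the instance names are constructed, and the per-engine baseline in `EXPECTED_LOG_TYPES` is an assumption to adjust to your own logging policy.

```python
import json

# Log types each RDS engine family can publish to CloudWatch Logs.
# Assumption: requiring all of them is this example's baseline, not the rule's.
EXPECTED_LOG_TYPES = {
    "mysql": {"audit", "error", "general", "slowquery"},
    "mariadb": {"audit", "error", "general", "slowquery"},
    "postgres": {"postgresql", "upgrade"},
    "sqlserver": {"agent", "error"},
    "oracle": {"alert", "audit", "listener", "trace"},
}

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
   "EnabledCloudwatchLogsExports": ["audit", "error", "general", "slowquery"]},
  {"DBInstanceIdentifier": "reports-db", "Engine": "postgres",
   "EnabledCloudwatchLogsExports": ["postgresql"]},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "sqlserver-se"}
]}
""")

def engine_family(engine):
    """Map an Engine value such as 'sqlserver-se' or 'oracle-ee' to a baseline key."""
    for family in EXPECTED_LOG_TYPES:
        if engine == family or engine.startswith(family + "-"):
            return family
    return None

def audit_log_exports(describe_output):
    """Return one finding per instance with no or incomplete CloudWatch log export."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        # The key is absent (not an empty list) when no export is configured.
        enabled = set(db.get("EnabledCloudwatchLogsExports") or [])
        expected = EXPECTED_LOG_TYPES.get(engine_family(db.get("Engine", "")), set())
        missing = sorted(expected - enabled)
        if not enabled:
            status = "NO_EXPORT"
        elif missing:
            status = "PARTIAL"
        else:
            continue
        findings.append({"instance": db["DBInstanceIdentifier"],
                         "status": status, "missing": missing})
    return findings

if __name__ == "__main__":
    for finding in audit_log_exports(SAMPLE):
        print(finding)
```

Engines outside the baseline table are still reported as `NO_EXPORT` when nothing is exported, with an empty `missing` list.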