Security in web applications is one of the top most important topics in the security environment. After all, the web application at the forefront is the interface to the Internet. The OWASP Top-10, the ten most dangerous vulnerabilities in web applications, contain a vulnerability that is actually not a real one. Due to the “insufficient logging and monitoring”, compromises are sometimes not detected at all or detected much too late. On average, it takes up to seven months for a hacker attack to be detected. Sensors built into the application can provide a remedy, identify attackers on the first attempt and initiate protective measures themselves. Why insufficient logging and monitoring in the top 10 nevertheless has its right to exist and how the OWASP AppSensor project provides more security is the subject of this article by our IT-Security expert Javan.