Update A09_2021-Security_Logging_and_Monitoring_Failures.md #703

Open
wants to merge 1 commit into
base: master

fcerullo-cycubix

Hi

While delivering a training, a student pointed out an improvement to the description of the A9 issue.

@tobinbrooke

Reasoning for putting more emphasis on log encoding as a means of preventing log stuffing:

  • By their very design logs are often able to be written to by un-authenticated users (logging failed login attempts)
  • Cannot rely on the output format of the log being unknown
  • Many systems still use a text/semi-structured log format
  • By crafting authentication payloads or other requests, log entries that may emulate multiple entries can be crafted.
  • Fake entries could be created to trigger erroneous IoA
  • By stuffing the logs this occurs before any signing and therefore breaks non-repudiation (make the log entries tell the desired story)
  • The OWASP top 10 item covers the log encoding in the "How to Prevent" section but this needs more emphasis such as in the description
  • Many systems can be exploited via un-authenticated or authenticated users (ease)
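
An added illustration of the log-encoding point raised in the comment above (example code, not part of this pull request or of the OWASP text): a failed-login entry written verbatim next to the same entry with the user-controlled field encoded at write time. The function names, log layout and sample values are assumptions constructed for this example.

```python
import re

# Characters that can terminate or forge a record in a line-oriented log:
# C0/C1 controls (CR, LF, NEL, ...), Unicode line/paragraph separators,
# plus backslash and double quote so the escaping stays unambiguous.
_UNSAFE = re.compile(r'[\x00-\x1f\x7f-\x9f\u2028\u2029\\"]')


def encode_field(value: str) -> str:
    """Escape a user-controlled value before it is written to the log."""
    return _UNSAFE.sub(lambda m: "\\u%04x" % ord(m.group()), value)


def failed_login_raw(ts: str, user: str, src: str) -> str:
    # Weak form: the unauthenticated user's input is written verbatim.
    return f"{ts} auth: login failed user={user} src={src}"


def failed_login_encoded(ts: str, user: str, src: str) -> str:
    # Hardened form: the field is encoded and quoted at write time,
    # i.e. before any signing or forwarding of the log happens.
    return f'{ts} auth: login failed user="{encode_field(user)}" src={src}'


def records(log_text: str) -> list[str]:
    """Records as a line-oriented parser or SIEM rule would see them."""
    return [line for line in log_text.splitlines() if line]


# Constructed sample input: a "username" carrying a second, fake entry.
SAMPLE_USER = ("alice\n2024-05-01T10:00:01Z auth: login succeeded "
               "user=admin src=203.0.113.7")
TS, SRC = "2024-05-01T10:00:00Z", "198.51.100.23"

if __name__ == "__main__":
    for build in (failed_login_raw, failed_login_encoded):
        out = build(TS, SAMPLE_USER, SRC)
        print(f"{build.__name__}: {len(records(out))} record(s)")
        print(out, end="\n\n")
```

The raw form yields two records from one request, while the encoded form stays a single record whose `user` field shows the escaped line break for an analyst to see.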
