What is the primary defense against log injection attacks?

• A. Sanitize outbound log messages
• B. Use encryption at rest
• C. Disable logging in production
• D. Rotate logs daily

Answer: (A)

Log injection attacks occur when attacker-controlled data is written into log files without cleaning, so special characters or newlines can alter the log stream, forge entries, or obscure what happened. Sanitizing outbound log messages is the key defense because it cleans and encodes data before it’s logged, stripping or escaping risky characters and enforcing a safe format. This stops untrusted input from breaking log structure or creating fake entries, which is exactly what injection attempts rely on. Encryption at rest protects stored logs’ confidentiality but doesn’t prevent injection during log creation; rotating logs and disabling logging help with maintenance or storage but don’t address the vulnerability in how data is logged.