15 changes: 15 additions & 0 deletions knowledge/ios/MASVS-STORAGE/MASTG-KNOW-0101.md
Expand Up @@ -19,3 +19,18 @@ Key concepts:
- **Log Levels**: Unified logging supports multiple log levels (e.g., `debug`, `info`, `error`, `fault`) to help categorize messages based on their importance and severity.

Apart from using secure logging APIs, developers can also implement build configurations or preprocessor directives to disable or limit logging in production builds. This ensures that sensitive information is not exposed in live environments.

## Additional Logging Sources to Consider




Beyond standard application logging APIs such as `Logger` and `os_log`, iOS applications may inadvertently expose sensitive information through other logging mechanisms:

**Legacy Logging APIs**: Deprecated APIs such as `NSLog` and Apple System Log (ASL) write directly to system logs that persist on the device and can be accessed through diagnostic tools or device backups.

**Native Exception and Crash Reporting**: Third-party crash reporting SDKs (e.g., Firebase Crashlytics, Sentry, PLCrashReporter) capture exception details, stack traces, and contextual data at the time of a crash. This information may include sensitive runtime state, depending on SDK configuration.

**Network Request Logging**: iOS networking APIs and third-party libraries may log request and response data during debugging. The default `NSURLSession` configuration includes caching that can persist sensitive data. Network diagnostic logging features can expose additional details about HTTP traffic.

**WKWebView Console Output**: Applications embedding web content via `WKWebView` or the deprecated `UIWebView` may capture JavaScript console output through message handlers. This can include data passed between web and native contexts.
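
Review bot: The "Legacy Logging APIs" paragraph labels `NSLog` as deprecated together with ASL, but only the ASL API is deprecated; `NSLog` is still supported, and on current iOS its output is routed to the unified logging system. Suggest wording such as "Legacy APIs such as `NSLog` and the deprecated Apple System Log (ASL)". In "Network Request Logging", the sentence about the default `NSURLSession` configuration describes cache persistence rather than logging, so it belongs with caching guidance rather than in this list, or should be reworded to name the logging behaviour it means. In "WKWebView Console Output", script message handlers are a `WKWebView` API, so grouping `UIWebView` under "message handlers" is inaccurate; it would also help to state that console output only reaches native code when the app injects a script that forwards it, and that the exposure comes from the native side logging what it receives. The three empty lines after the new "Additional Logging Sources to Consider" heading can be reduced to one.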