Questions tagged [audit]
For questions about the assessment of software, hardware, systems, people, processes, procedures, projects, etc, that are somehow related to the security of an organization or product. Often these are related to a certification the organization or product holds, or looking for tools or processes for performing an audit.
459
questions
12
votes
1
answer
9k
views
How safe is WireGuard VPN for production in its current state?
In our project we had to build a VPN to get through to computers residing behind NAT. I never did it before. While looking for suitable software I came across WireGuard which claimed to be very simple....
- 107
0
votes
4
answers
274
views
Control over IT security
In pharmacy the safety of drugs is under fairly tight control by national authorities, e.g. FDA in US. The risks of patients taking drugs are thus very effectively minimized, though understandably ...
1
vote
0
answers
36
views
Log REST API calls in the most auditable way
I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
The data, which I need to download regularly from a third-party ...
- 11
1
vote
1
answer
83
views
Execution profile for web server
I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let's assume that someone has an (Apache) HTTP Server. ...
CommunityBot
- 1
3
votes
1
answer
382
views
Which of the following Linys auditing suggestions are worthwhile?
I'm currently securing a Linode VPS that will host a WordPress store and two Python web applications. Security-wise, I've run the most "basic" steps, such as hardening SSH access (i.e. ...
CommunityBot
- 1
0
votes
1
answer
107
views
Do I need to implement additional security measures for my self-hosted container web app?
Could you please suggest if I need to do anything else to ensure that my server is secure against the most common attacks? Currently it seems fine to me, but I would highly appreciate if someone with ...
- 12k
0
votes
0
answers
25
views
Auditd and Auditbeat compatibility when using Sigma
I'm looking to integrate Sigma rules into my SOC ecosystem, and am bumping into issues with using Sigma rules.
Specifically, auditd includes a "type" field which tags logs with some category,...
0
votes
0
answers
22
views
Sigma "keywords" rules and Auditbeat
I've recently begun using Auditbeat for capturing and streaming audit logs from my Linux machine.
I browsed the main rules repository, and noticed that many rules rely on the keywords feature of Sigma ...
- 131k
4
votes
6
answers
5k
views
Prevent the tampering of the logs of a service
In a security-sensitive service with REST APIs, what is the best way to produce tamper-resistant audit logs?
Signing each log entry is a possibility, but that does no prevent a malicious operator ...
0
votes
1
answer
91
views
ISO 27001: do we need audit access to the code of the core application
We want to be 27001 certified and our company is based on one core application that is hosted in our cloud infrastructure but provided by a vendor.
Is there a situation where an auditor needs access ...
- 131k
-1
votes
2
answers
216
views
Laptop Repair vs. Evil Maid
Suppose you need a laptop repair, so you bring it to
A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks)
A small chain of repair shops
a small independent ...
0
votes
0
answers
73
views
How can we verify the security of a device? [duplicate]
I've recently been experiencing a situation as follows:
How can I understand the IO of an unknown device?
Say, for example, I am gifted a bluetooth speaker. How can I understand its potential for ...
- 131k
-1
votes
2
answers
190
views
Which standard can be used to seed security checklist for web application?
I am trying to create a security checklist for developers/testers of web applications to make sure that the web app is compliant with all the security guidelines.
When looking at the different ...
- 131k
0
votes
0
answers
91
views
Security frontend side
Hi i´m a frontend developer and next week we will have a security audit i need to be sure that frontend side is secure and dont have vulnerabilities, so my question is, ¿What would you recommend or ...
- 13.1k
0
votes
0
answers
315
views
XSS Payload That Can Bypass Special Character Check
I developed the following C# algorithm to prevent XSS attacks:
private bool Is_There_XSS_Payload(string arg)
{
Regex regex = new Regex(@"^[a-zA-Z0-9]+$");
bool result = ...
- 1