Questions tagged [audit]
For questions about the assessment of software, hardware, systems, people, processes, procedures, projects, etc., insofar as they relate to the security of an organization or product. Often these questions relate to a certification the organization or product holds, or ask for tools or processes for performing an audit.
41 questions
33 votes · 5 answers · 51k views
How to find out that a NIC is in promiscuous mode on a LAN?
5 votes · 2 answers · 485 views
Can we determine how securely files are stored on a cloud storage service?
After asking two questions about the security of online cloud storage, it seems to me that we can only at best speculate as to the security practices of the hosting company, and believe what they tell ...
135 votes · 19 answers · 52k views
Is it common to allow local desktop and/or active directory admin access and rights for developers in organizations?
I work at a company with a staff of about 1000+. We currently have programming development staff that work on web based projects (approx 50 people).
Recently due to security concerns our IT and ...
86 votes · 6 answers · 20k views
How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me? [duplicate]
I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical "business logic". (This could be any other language and the exact same problem would still stand; I'm ...
22 votes · 5 answers · 28k views
How to simulate DDoS attacks from the Internet?
The idea behind security tests is easy. You want to know what a hacker can do - you hire a security expert who acts like a hacker to see how far he can get. You want to know what an evil admin can do -...
18 votes · 3 answers · 3k views
Status of Trusted Computing and Remote Attestation deployment
Hardware support for various client-side controls based on Trusted Computing (Wikipedia) has been evolving over the years, e.g. TCPM, TPM, TXT (LaGrande, DRTM).
I've heard of one practical ...
12 votes · 1 answer · 8k views
How to check the integrity of my BIOS?
Could it be possible that a virus rewrites my BIOS with some malicious code? If so, how could I protect against it, or at least how can I check that the BIOS hasn't been modified?
9 votes · 3 answers · 3k views
Is it possible to determine if the BIOS has been modified between two points in time?
Is it possible to determine if the BIOS of a computer has been modified between two points in time from that computer while it's running?
Effectively I'd like to be able to gather the equivalent of ...
7 votes · 1 answer · 2k views
Do blackbox penetration tests make sense if a whitebox audit would be possible as well?
Let's assume I am responsible for an application in my company and I decide to hire security experts to perform a security audit. Let's assume further that my company owns the source code of the ...
50 votes · 3 answers · 73k views
Simple example auditd configuration?
Auditd was recommended in an answer to Linux command logging?
The default install on Ubuntu seems to barely log anything. There are several examples that come with it (capp.rules, nispom.rules, stig....
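The kind of rules fragment the question is asking for, as an added example rather than anything from the question, its answers, or the auditd project. It assumes an x86-64 host with the default audit file layout (a drop-in under /etc/audit/rules.d/ loaded by augenrules, or fed directly to auditctl -R); the key names after -k are arbitrary labels chosen here so that ausearch -k can pull the matching events back out.

```text
# Added example: minimal audit rules fragment (hypothetical, not shipped with auditd)
# Start clean, give the kernel a reasonable backlog, and only print on failure
-D
-b 8192
-f 1

# Watch identity and privilege files for writes and attribute changes
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/sudoers -p wa -k privilege
-w /etc/sudoers.d/ -p wa -k privilege

# Record every program executed as root (both syscall ABIs must be covered,
# otherwise a 32-bit binary slips past the b64 rule)
-a always,exit -F arch=b64 -S execve -F euid=0 -k root_exec
-a always,exit -F arch=b32 -S execve -F euid=0 -k root_exec

# Record privilege transitions
-a always,exit -F arch=b64 -S setuid,setgid,setreuid,setregid -k priv_change
-a always,exit -F arch=b32 -S setuid,setgid,setreuid,setregid -k priv_change

# Lock the rule set until reboot so a root-level intruder cannot quietly turn it off
-e 2
```

Load it with augenrules --load (or auditctl -R on the file), then confirm with auditctl -l that the rules are active and with ausearch -k root_exec that events arrive. The caveat a practitioner will want stated: -e 2 is deliberate and means any later rule change requires a reboot, so test the rule set before making it immutable, and remember that auditd records what the kernel saw, not what it meant, so the keys are the filter you will live with at search time.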
11 votes · 6 answers · 22k views
Automated tools for Cisco IOS config auditing? [closed]
Are there any automated tools for auditing config files exported from Cisco IOS devices? Free/Open Source is always nice, but anything that does the job would be of interest.
10 votes · 2 answers · 2k views
Does git commit hash prove the history until that point?
I have some data and want to prove its integrity over time, i.e. prove that a certain state of the data was present at a certain date.
For this reason I commit the data to a git repository I keep ...
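What a git commit hash does and does not bind, worked through as an added example that is not from the question or its answers. The code below recomputes real git object IDs (blob, tree, commit) from scratch with the standard library, so the known hashes for an empty blob and empty tree come out exactly as git prints them; the sample data, file name, author identity and timestamps are constructed here for illustration. The point it shows: a commit hash covers the tree and the parent hash, so pinning one hash fixes the whole history before it, but the date inside the commit is just committed text chosen by whoever made the commit, so the hash alone proves nothing about when.

```python
import hashlib


def git_object_hash(kind: str, payload: bytes) -> str:
    """SHA-1 of a loose git object: '<type> <size>\\0<payload>' (git's object format)."""
    header = f"{kind} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


def blob_hash(content: bytes) -> str:
    return git_object_hash("blob", content)


def tree_hash(entries) -> str:
    """entries: iterable of (mode, name, object_hex); git stores them sorted by name,
    each as '<mode> <name>\\0' followed by the 20 raw bytes of the child's hash."""
    body = b""
    for mode, name, obj_hex in sorted(entries, key=lambda e: e[1]):
        body += f"{mode} {name}\0".encode() + bytes.fromhex(obj_hex)
    return git_object_hash("tree", body)


def commit_hash(tree_hex: str, parent_hex, ident: str, timestamp: int, tz: str, message: str) -> str:
    """Commit object: tree, optional parent, author/committer lines, blank line, message."""
    lines = [f"tree {tree_hex}"]
    if parent_hex:
        lines.append(f"parent {parent_hex}")
    lines.append(f"author {ident} {timestamp} {tz}")
    lines.append(f"committer {ident} {timestamp} {tz}")
    body = "\n".join(lines) + "\n\n" + message
    return git_object_hash("commit", body.encode())


def demonstrate() -> dict:
    # Constructed sample data: two versions of one file, committed one after the other.
    ident = "Alice <alice@example.com>"  # hypothetical identity
    tree_v1 = tree_hash([("100644", "data.csv", blob_hash(b"id,value\n1,10\n"))])
    tree_v2 = tree_hash([("100644", "data.csv", blob_hash(b"id,value\n1,10\n2,20\n"))])
    c1 = commit_hash(tree_v1, None, ident, 1700000000, "+0000", "v1\n")
    c2 = commit_hash(tree_v2, c1, ident, 1700000100, "+0000", "v2\n")

    # 1. History binding: change anything in c1 (here only its timestamp) and c1's
    #    hash changes, so c2, which names c1 as parent, changes too. Anyone holding
    #    the original c2 detects the rewrite of the earlier history.
    c1_rewritten = commit_hash(tree_v1, None, ident, 1600000000, "+0000", "v1\n")
    c2_after_rewrite = commit_hash(tree_v2, c1_rewritten, ident, 1700000100, "+0000", "v2\n")

    # 2. No proof of time: c1_rewritten is a perfectly well-formed commit claiming an
    #    earlier date. Nothing in the hash distinguishes a real date from a chosen one;
    #    only publishing the hash to an independent party at the time (a timestamping
    #    service, a public log, an email to a third party) anchors it to a date.
    return {
        "c1": c1,
        "c2": c2,
        "chain_detects_rewrite": c2_after_rewrite != c2,
        "backdated_commit_is_well_formed": len(c1_rewritten) == 40 and c1_rewritten != c1,
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Hashes from this code can be cross-checked against git itself: `printf '' | git hash-object --stdin` gives the empty-blob value and `git mktree </dev/null` the empty-tree value. The design point for the original question is that integrity of the chain is what the hash gives you; the date is a separate claim that needs an external witness.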
10 votes · 5 answers · 4k views
Storing Old Password History and Information
Google, Facebook, Twitter, and several other services still know the older passwords which we used on our accounts. At times, I cannot reuse the same password as I have. Then with Google, if I type ...
9 votes · 2 answers · 2k views
security reviews of third party code
I am not familiar with all the steps involved in a full-fledged information security review of an in-house developed application, so I am wondering whether or not the following scenario is ...
8 votes · 2 answers · 326 views
Do people even exist who actually vet all the updates to their open source software?
A year or so ago, I set up this system which, whenever Composer (that's PHP's package/library update manager) fetched new updates to my few (but critically required) third-party libraries, created a ...