[Owasp-standards] RE:RE: Project Status - feedback and round2!

owasp-standards-admin at lists.sourceforge.net
Tue Mar 14 00:03:57 EST 2006


Hi Mike,

Sorry I couldn't reply, as I was on a long holiday. I just came back and read your message.

I have one piece of feedback regarding auditing of events. First of all, it's very important to do a quick test for this. Let me first add the requirements for audit log review and monitoring:



(a) Audit trails and logs should be implemented to track critical transactions, events and errors pertaining to the servers, system files, privileged user accounts, tools and programs.

(b) The audit trails and logs should be securely protected from unauthorised access or modification.

(c) The audit trails and logs should be reviewed by the System Administrator at the frequency specified below:



Type                               Frequency
System logs                        Daily
Critical network component logs    Daily
Privileged accounts                Monthly, or as and when system changes
Audit trails                       Monthly



(d) The performance and capacity of the application should also be periodically monitored to ensure its continuous availability (e.g. no memory leaks, deadlocks, etc.).

For points (a) and (b), we can test in a black-box manner. But it really depends on the web application whether it provides a user interface to check all audit logs, etc. If it is not there, then the last option is to use a utility (e.g. Toad, a log viewer, etc.).

For point (d), we can achieve this using LoadRunner/OpenSta.org to quickly stress the application and check its behaviour under load.

I will be sending you more reviews and comments by next week...



Ciao,

Ahmed Shahzad
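As an added illustration of requirement (b) above (not code from the original message or from the OWASP project), the following shows one way an application can make its audit trail tamper-evident: each record carries an HMAC over the previous record's tag and its own body, so a reviewer recomputing the chain detects any modification, deletion or insertion. The key, the event fields and the sample events are constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed demo key. In a real deployment the verification key belongs
# to the log collector or reviewer, not to the host writing the log (assumption).
KEY = b"demo-audit-key-not-for-production"
GENESIS_TAG = "0" * 64


def _canonical(event):
    """Serialize an event deterministically so re-verification sees identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def append_event(chain, event):
    """Append one record whose tag covers the previous tag and this event body."""
    prev_tag = chain[-1]["tag"] if chain else GENESIS_TAG
    tag = hmac.new(KEY, (prev_tag + _canonical(event)).encode(), hashlib.sha256).hexdigest()
    chain.append({"seq": len(chain), "event": event, "tag": tag})
    return chain


def verify_chain(chain):
    """Recompute every tag from the genesis value.
    Returns (True, None) if intact, else (False, seq of first bad record)."""
    prev_tag = GENESIS_TAG
    for i, rec in enumerate(chain):
        if rec["seq"] != i:                      # a record was removed or reordered
            return False, i
        expected = hmac.new(KEY, (prev_tag + _canonical(rec["event"])).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):   # body or tag altered
            return False, i
        prev_tag = rec["tag"]
    return True, None


def build_sample_chain():
    """Constructed events of the kinds requirement (a) names: privileged-account use and a critical transaction."""
    chain = []
    for ev in [
        {"ts": "2006-03-14T00:00:01", "user": "admin", "action": "login", "result": "ok"},
        {"ts": "2006-03-14T00:02:10", "user": "admin", "action": "edit /etc/passwd", "result": "ok"},
        {"ts": "2006-03-14T00:03:57", "user": "svc_app", "action": "transfer", "amount": 5000},
    ]:
        append_event(chain, ev)
    return chain


def tamper_demo():
    """Simulate an after-the-fact edit of a middle record; verification names that record."""
    chain = build_sample_chain()
    chain[1]["event"]["action"] = "ls /tmp"      # the privileged change is rewritten
    return verify_chain(chain)
```

Run as part of the daily review from point (c), a failed `verify_chain` on a log export is the signal that the trail itself, not just the system, needs investigating.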