Apart from regular penetration tests, timely vulnerability management and hardened network access controls, another method of protecting your devices and bringing them into compliance with industry standards is a configuration audit. In this blog post we will cover what a configuration audit is, why it is important, the approach, and details of common best practices for well-known controls.
Configuration audit is one of the best practices we follow in the security domain to secure our environment against internal and external threats.
It is an important part of the deployment cycle, in which we apply industry-level security standards such as ISO 27000 or CIS to secure the environment in the best possible way. A configuration audit is further divided into various parts depending on the operating system, build and version of the device or devices deployed in the given environment.
Configuration audits are mainly performed on Windows and Linux servers, network devices such as routers, switches and firewalls, web services such as IIS and Apache, and various kinds of databases.
It is a method of determining the current security state of the systems deployed in an environment against well-known industry standards. The assessment highlights misconfigurations, such as bad or default settings, that may lead to system compromise. Mitigating those misconfigurations is what allows you to meet the compliance standards.
This is a simple process divided into four parts.
This is a continuous and repetitive process to achieve and maintain high compliance standards.
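As an added illustration (not code from this post or from any benchmark publisher), the following Python script performs the core of the assessment described above on a single control family: it parses an sshd_config-style file, compares each directive against a baseline of expected values, and reports pass/fail per control together with a compliance percentage. The five controls in the baseline and the sample configuration are constructed for this example; a real audit would take its control list and expected values from the benchmark (CIS, ISO-aligned internal standard, etc.) the organization has adopted.

```python
"""Minimal configuration-audit checker for an sshd_config-style file.

Added example: the baseline and sample config below are constructed for
illustration and are not an official CIS or ISO control list.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    key: str                 # directive name, matched case-insensitively
    allowed: frozenset[str]  # acceptable values, compared case-insensitively
    rationale: str           # why the control matters, shown on failure


# Constructed baseline: five common SSH hardening expectations.
BASELINE = (
    Control("PermitRootLogin", frozenset({"no"}), "direct root logins remove accountability"),
    Control("PasswordAuthentication", frozenset({"no"}), "key-based auth resists password guessing"),
    Control("PermitEmptyPasswords", frozenset({"no"}), "empty passwords allow trivial access"),
    Control("X11Forwarding", frozenset({"no"}), "reduces exposure of the client display"),
    Control("MaxAuthTries", frozenset({"1", "2", "3", "4"}), "limits guesses per connection"),
)


@dataclass
class Finding:
    control: str
    status: str    # "PASS" or "FAIL"
    observed: str  # value found, or "<not set>"
    detail: str


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the global directives as {lowercased key: value}.

    Mirrors sshd's rule that the first occurrence of a directive wins, and
    stops at the first Match block, whose directives only apply conditionally
    and therefore do not describe the global state being audited.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit(settings: dict[str, str], baseline=BASELINE) -> list[Finding]:
    """Compare parsed settings with the baseline, one Finding per control."""
    findings = []
    for c in baseline:
        observed = settings.get(c.key.lower())
        if observed is None:
            # An absent directive means the software default applies; the
            # audit flags it so the value is set explicitly and reviewed.
            findings.append(Finding(c.key, "FAIL", "<not set>",
                                    "directive absent, software default applies; " + c.rationale))
        elif observed.lower() in c.allowed:
            findings.append(Finding(c.key, "PASS", observed, "compliant"))
        else:
            findings.append(Finding(c.key, "FAIL", observed,
                                    f"expected one of {sorted(c.allowed)}; {c.rationale}"))
    return findings


def compliance_score(findings: list[Finding]) -> float:
    """Percentage of controls that passed, rounded to one decimal."""
    if not findings:
        return 100.0
    passed = sum(1 for f in findings if f.status == "PASS")
    return round(100.0 * passed / len(findings), 1)


# Constructed sshd_config excerpt used as the sample input.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes   # ignored: the first occurrence wins
MaxAuthTries 6
X11Forwarding no
Match User backup
    PermitRootLogin no       # conditional, not part of the global audit
"""

if __name__ == "__main__":
    results = audit(parse_sshd_config(SAMPLE_CONFIG))
    for f in results:
        print(f"{f.status:4} {f.control:<24} observed={f.observed:<10} {f.detail}")
    print(f"compliance: {compliance_score(results)}%")
```

Running it on the sample reports PermitRootLogin, PermitEmptyPasswords (not set) and MaxAuthTries as failures and a 40% compliance score; the same structure, a parser for the target's configuration format plus a table of expected values, carries over to web server, database and network device audits, which is why the process is repeatable across platforms.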
The following best practices are so common and so general that they apply to almost everything, whether an operating system for computers or network devices, or newer technologies such as cloud, microservices, APIs and more.
Written by: Skrutin1