Aside from practical technical security and compliance advice, this site also aims to provide useful resources for security and audit personnel. We are very proud to announce the opening of our Checklists section!
Each week, look forward to another useful audit checklist that you are free to use in your audit practice. While these checklists may not fit your needs perfectly, each one will certainly be an excellent starting point. It is our belief that it is better to share and improve the overall state of security and compliance than it is to force everyone to design and build their own wheel.
The first checklist posted is a Web Application Security Checklist. Please have a look and give us your comments! You should also look forward to the upcoming five-part series that covers how to use this checklist in your environment!
This is just one of the many topics discussed and taught hands-on in David Hoelzer’s class, “Advanced System & Network Auditing”, available through The SANS Institute. David is a Senior Fellow with The SANS Institute and the principal examiner for Enclave Forensics. You can find a variety of topics on his blog.