Secure process audit
Introduction
A secure process audit is a type of security audit in which the tester (auditor) examines an application, server or network device, captures and analyzes a detailed view of the application's workflow, its functions and the processes behind them, and then identifies loopholes and security misconfigurations.
The objective of this activity is to assess and discover weak links, how resilient the system is, security misconfigurations and so on. Generally, a tester needs to install the application on a test system, followed by a few testing tools. The exact setup depends on the client and their network infrastructure; many organizations ask a penetration tester to work on their premises because of the criticality of that infrastructure.
The following measures and controls must be part of this assessment:
- A packet transmission review
- Inspect registry entries (before, during and after the application's running phase)
- Analyze whether the application creates or stores any sensitive information in its parent directory, logs, config files and so on
- Analyze memory and CPU consumption while the application is running
- Review the deployment diagram and look for loopholes in all of the above
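As an added example (not code from the original post) of the registry and file-system checks in the list above, the following Python script takes a before/after snapshot of the application's directory, much as Regshot does for the registry, reports which files were added, removed or modified during the run, and then scans the touched files for strings that look like clear-text secrets. The directory layout, the simulated application run, the file contents and the secret patterns are all constructed for this demonstration.

```python
import hashlib
import os
import re
import tempfile

# Patterns that suggest credentials written to disk in clear text.
# Constructed for this example; extend them for the application under audit.
SENSITIVE_PATTERNS = {
    "password": re.compile(r"(?i)\bpass(word)?\s*[=:]\s*\S+"),
    "api_key": re.compile(r"(?i)\bapi[_-]?key\s*[=:]\s*\S+"),
    "private_key": re.compile(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----"),
}


def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its content."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            with open(full, "rb") as fh:
                result[rel] = hashlib.sha256(fh.read()).hexdigest()
    return result


def diff_snapshots(before, after):
    """Return the files added, removed and modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def scan_for_secrets(root, rel_paths):
    """Check each changed file for strings that look like clear-text secrets."""
    findings = []
    for rel in rel_paths:
        try:
            with open(os.path.join(root, rel), "r", encoding="utf-8", errors="ignore") as fh:
                text = fh.read()
        except OSError:
            continue
        for label, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                findings.append((rel, label))
    return sorted(findings)


def audit_demo():
    """Simulate an application run in a temp directory and audit what it left behind."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "config"))
        with open(os.path.join(root, "config", "app.ini"), "w") as fh:
            fh.write("[server]\nhost=127.0.0.1\n")
        before = snapshot(root)  # state before the application runs

        # Constructed "application run": it rewrites its config with a clear-text
        # password, writes a debug log that echoes an API key, and drops a README.
        with open(os.path.join(root, "config", "app.ini"), "w") as fh:
            fh.write("[server]\nhost=127.0.0.1\npassword=hunter2\n")
        os.makedirs(os.path.join(root, "logs"))
        with open(os.path.join(root, "logs", "debug.log"), "w") as fh:
            fh.write("2024-01-01 00:00:00 INFO api_key=EXAMPLE-KEY-1234\n")
        with open(os.path.join(root, "README.txt"), "w") as fh:
            fh.write("nothing sensitive here\n")

        after = snapshot(root)  # state after the application ran
        changes = diff_snapshots(before, after)
        touched = changes["added"] + changes["modified"]
        return changes, scan_for_secrets(root, touched)


if __name__ == "__main__":
    changes, findings = audit_demo()
    for kind in ("added", "removed", "modified"):
        print(f"{kind}: {changes[kind]}")
    for rel, label in findings:
        print(f"possible clear-text {label} in {rel}")
```

On a real engagement, point `snapshot()` at the application's install directory, its user profile or temp directories, and the log root, take the first snapshot before launching the application and the second after exercising its functionality, and review every finding by hand; the regexes only flag candidates, and a hit in a modified file matters more than one in a file the application merely re-copied.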
How to perform process auditing
Tools: Echo Mirage, Wireshark, Regshot, TCPView, Process Hacker, Strings, CFF Explorer, WinHex, Fiddler, Nmap, Process Monitor and more
Ask for the network and deployment diagrams and build a detailed understanding of the network flow and of how the process is initiated. The deployment diagram should cover every detail of the real-world deployment; a detailed understanding of each node and its function is required.
Inspect and analyze whether the firewall is placed in the right location and whether the organization needs an additional firewall at another node (to provide more security). Internal and external firewalls (Read more...)
This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Shubham Vashist. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/wWHSqrBNAoY/