Skip to content

/ API-Security-Checklist

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Monitoring section to the list #44

Open
wants to merge 2 commits into
base: master
from
Open

Add Monitoring section to the list #44

wants to merge 2 commits into from

Conversation

@msfidelis
Copy link
Contributor

@msfidelis msfidelis commented Jul 13, 2017

Add Monitoring session.
@msfidelis
Update README.md
5d604b2 
Add Monitoring session.
@netcode netcode changed the title Update README.md Add Monitoring section to the list Jul 15, 2017
@roffel
roffel reviewed Jul 26, 2017
View changes
README.md Outdated
- [ ] Use centralized loggins for all services and components.
- [ ] Use agents to monitoring all trafic, errors, requests and responses.
- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc.
- [ ] Check if you don't log sensetive data like Credid Cards, Passwords and PIN's.

This comment has been minimized.

Sign in to view
@roffel

roffel Jul 26, 2017
edited

Credid should be Credit :-) . And I think that sensetive should be sensitive

This comment has been minimized.

Sign in to view
@kenguest

kenguest Jul 26, 2017

also; logins or log-ins... and "PINs" not "PIN's".
@Maikuolan
Copy link
Collaborator

@Maikuolan Maikuolan commented Aug 14, 2017

@netcode Aside from the points raised by the reviewers above (all good points worth addressing!), any thoughts about this PR? Should we accept (pending the corrections mentioned above) or just close this, or were we waiting for something else (more discussion, etc)?
@kenguest
Copy link

@kenguest kenguest commented Aug 15, 2017

It does add value, so I'd be inclined to accept/merge the PR; additional changes/tweaks can always be merged in via another PR.
@msfidelis
Code Review
b82d480
@msfidelis
Copy link
Contributor Author

@msfidelis msfidelis commented Aug 15, 2017

Done. Thanks for help!
@othyn
othyn reviewed Nov 16, 2017
View changes
README.md Outdated
@@ -61,10 +61,10 @@ Checklist of the most important security countermeasures when designing, testing
- [ ] Design a rollback solution for deployments.

## Monitoring
- [ ] Use centralized loggins for all services and components.
- [ ] Use centralized log-ins for all services and components.
- [ ] Use agents to monitoring all trafic, errors, requests and responses.

This comment has been minimized.

Sign in to view
@othyn

othyn Nov 16, 2017
edited

monitoring

Should be monitor.

trafic

Should be traffic.

Should read:

Use agents to monitor all traffic, errors, requests and responses.

👍
@othyn
othyn reviewed Nov 16, 2017
View changes
README.md Outdated
@@ -61,10 +61,10 @@ Checklist of the most important security countermeasures when designing, testing
- [ ] Design a rollback solution for deployments.

## Monitoring
- [ ] Use centralized loggins for all services and components.
- [ ] Use centralized log-ins for all services and components.
- [ ] Use agents to monitoring all trafic, errors, requests and responses.
- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc.

This comment has been minimized.

Sign in to view
@othyn

othyn Nov 16, 2017

Should read:

Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc.

Extra e is not required and as there is no conjunction after etc it should have a comma preceding it.

👍
@othyn
othyn reviewed Nov 16, 2017
View changes
README.md Outdated
- [ ] Use agents to monitoring all trafic, errors, requests and responses.
- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc.
- [ ] Check if you don't log sensetive data like Credid Cards, Passwords and PIN's.
- [ ] Check if you don't log sensitive data like Credit Cards, Passwords and PINs.
- [ ] Use an IDS or/and IPS system to monitoring your API requests and instances.

This comment has been minimized.

Sign in to view
@othyn

othyn Nov 16, 2017

Just a few little grammatical changes:

Use an IDS (Intrusion Detection System) and/or IPS (Intrusion Prevention System) for monitoring your API requests and instances

Your choice whether to include the acronym descriptions, just thought it may be helpful :)
@othyn
othyn reviewed Nov 16, 2017
View changes
README.md Outdated
- [ ] Use agents to monitoring all trafic, errors, requests and responses.
- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc.
- [ ] Check if you don't log sensetive data like Credid Cards, Passwords and PIN's.
- [ ] Check if you don't log sensitive data like Credit Cards, Passwords and PINs.

This comment has been minimized.

Sign in to view
@othyn

othyn Nov 16, 2017

This may read more fluidly:

Check that you aren't logging sensitive data like Credit Cards, Passwords and PINs.

I may be getting a little picky... haha
@vincenting
Copy link
Contributor

@vincenting vincenting commented Oct 18, 2019

Will Monitoring and Alerts can describe this section better?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenguest kenguest

@othyn othyn

@roffel roffel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

6 participants
@msfidelis @Maikuolan @kenguest @vincenting @othyn @roffel
You can’t perform that action at this time.