David Geer

asked on

What are the purposes for leaving an audit trail?

I understand that penetration testers should leave audit trails. I am confused as to the purpose. I have heard that it is so the organization can see what changed in their applications and websites to make them exploitable? Is this correct? Could you please explain with a little bit of detail?
Dave Baldwin

An "audit trail" in the general sense lets you see what has happened.  Required for banking and financial transactions as well.  If you don't have a record of what happened, you really don't have any information.  This is basic to any kind of quality control.  If you didn't 'write it down', it didn't really happen in the sense that you have no information that you can use to fix anything.
I agree with the above and the term is common in business (ledger) as well as banking and financial.

In a firewall setup at the edge of your business, the log is an audit trail and should be enabled (all the logs on the device).

You can turn auditing ON at your server to see who logged in and did what. Default for this and firewall logs is OFF so make sure you have them turned on and your server has enough disk space to log a month of entries.
Penetration testers maintain a record to provide information for the developers, engineers to fix this issue.
An audit, as was pointed out, depending on the industry, is a required record tracking of activity on and in the system, environment.

An audit deals with detecting a modification by a user who should not have been able to make that change.
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.
I thought there were other good answers besides only the last answer given.