• Status: Solved
  • Priority: Low
  • Security: Public
  • Views: 91
  • Last Modified:

What are the purposes for leaving an audit trail?

I understand that penetration testers should leave audit trails. I am confused as to the purpose. I have heard that it is so the organization can see what changed in their applications and websites to make them exploitable? Is this correct? Could you please explain with a little bit of detail?
David Geer
David Geer
1 Solution
Dave BaldwinFixer of ProblemsCommented:
An "audit trail" in the general sense lets you see what has happened.  Required for banking and financial transactions as well.  If you don't have a record of what happened, you really don't have any information.  This is basic to any kind of quality control.  If you didn't 'write it down', it didn't really happen in the sense that you have no information that you can use to fix anything.
JohnBusiness Consultant (Owner)Commented:
I agree with the above and the term is common in business (ledger) as well as banking and financial.

In a firewall setup at the edge of your business, the log is an audit trail and should be enabled (all the logs on the device).

You can turn auditing ON at your server to see who logged in and did what. Default for this and firewall logs is OFF so make sure you have them turned on and your server has enough disk space to log a month of entries.
Penetration tester maintain a record to provide information for the developers, engineers to fix this issue.
A audit as was pointed out depending on the industry is a required record tracking of activity on and in the system, environment.

An audit deals with detecting a modification by a user who shoukd not have been able to make that change.
Well, there are two reasons in the context that you're explaining to have an audit trail:
1) If for some reason the penetration test modified anything (intentional or not), then you're going to want to have visibility into that.
2) There should also be audit records to be sure that any actions that take place were authorized. Also helps you with investigations for unauthorized events.
JohnBusiness Consultant (Owner)Commented:
I thought there were other good answers besides only the last answer given.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now