How do you investigate of your security of instance proactively?
I see in many companies use the different security scanners for analysis (https://owasp.org/www-community/Vulnerability_Scanning_Tools) e.g. Jira.
Just curious how often do you do ? What kind methods do you use ?
is this for compliance and checklist?
From previous experience this is a lengthy topic (beg my pardon I touched some more aspects than just the security scanners) where many details can be unfold - but in general, I suppose, overall they just repeat best practises for IT which are documented for many, many years.
I'd like just to name a few - all of them, like I said, supposedly are repetitions:
One topic that I have seen in discussions lately is the preservation of logs (catalina.out/atlassian-jira.log and probably atlassian-jira-security.log) in a separated logging-system to detect irregularities or if the server was already compromised and the original system cannot be trusted anymore.
The list can be continued (I heard of implementations that scan the attachment directory for viruses and other malicious contents) and is by no means complete (one could start with discussing the presence of a correctly configured firewall and end up with the statement that only trusted admins should be act on basic system levels and so on). So please consider all of the said above as some basic idea that came to my mind and what seems to be common with Jira-admins I recently spoke with.
Regarding how often you scan a system, depends on several factors:
I also suggest cross-posting this in Trust & Security. 💪
Did you know that penalties up to 4 % of the yearly company turnover are possible in case of GDPR violations? GDPR regulations are currently mainly relevant for companies in the EU, but countries lik...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events