Site Security Audit
Can anyone recommend a site security audit service? One thats simple to sign up to online and audit sites for xss, sqlinjection, buffer overflow, etc etc. Thanks ...
auditing
Auditing and model lifecycle management for instances and their associations?
I am trying to write an application to track legal case requests. The main model is Case, which has_many Subjects, Keywords, Notes, and Evidences (which, in turn, has_many CustodyLogs). Since the application is legal-related, there are some requirements that are out of the ordinary: CRUD operations must be logged, including what the ...
SQLServer 2008 - Configuring Service Broker between instances
Hi, I've been using the scripts from this website to help configure Service Broker based auditing. The first stage - setting up SB between databases on the same instance works fine. But then, when I try to apply Service Broker between instances, I'm running into grief. I'm using the command line tool, ssbdiagnose to help me find the c...
Best way to implement Auditing - Logging Framework in SSIS for ETL Projects
We have several SSIS packages and want to audit the follwoing items Package runtime Errors, Warnings Extracted/Loaded Row count Source and destination Filename, SQL Query, table name Package and Task Performance So far I found only one tool from Pargmaticworks BI xPress - Audit, Notify, Deploy SSIS Anyone used this before... all featu...
nhibernate interceptors with domain context
Hi Is it possible (in a clean fashion) to create an audit interceptor in hibernate 2.1 and pass in a domain context to it? What I would like to achieve is to set a Date Time (can be done easy peasy - found loadsa articles after a quick google), but setting an object e.g. a user who created the item, or altered an entity I have yet to f...
Finding property differences between two C# objects
The project I'm working on needs some simple audit logging for when a user changes their email, billing address, etc. The objects we're working with are coming from different sources, one a WCF service, the other a web service. I've implemented the following method using reflection to find changes to the properties on two different obj...
Nhibernate Auditing
I have a question about auditing. Most auditing examples use one audit table to track changes. However, we need one audit table per "regular" table. In other words, tblCustomer would also have tblCustomer_History. I can't figure out how to use a listener, and on update populate the history table as well. Any ideas? I'd hate to fall back ...
Web Application Auditing
How can I audit a web application specifically database changes, when the application is connecting to the database as a system account? I would like to use a simple database trigger to write to an audit table but I am unsure of how I would be able to add the user that is logged on instead of the account that is actually doing the work...
NHibernate and SetSessionAuth audit columns
We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we...
Help Auditing in Oracle
Hello everybody I need some help in auditing in Oracle. We have a database with many tables and we want to be able to audit every change made to any table in any field. So the things we want to have in this audit are: user who modified time of change occurred old value and new value so we started creating the trigger which ...
NHibernate auditing in disconnected mode
I'm developing an app with a Silverlight UI, transferring my domain objects over WCF and persisting them via NHibernate. I'm therefore working with NHibernate in a disconnected mode. I'm already using the NHibernate PreUpdate and PreInsert EventListeners to perform some metadata operations (updating Create/Update date, created/updated b...
Security events taxonomy
We are currently implementing a security log monitoring/auditing application for local law compliance. In our first implementation we used the security event taxonomy proposed by the OpenGroup XDAS working group since the interesting Common Event Expression (http://cee.mitre.org) effort is apparently going nowhere. Are there any other si...
Can you configure SQL Server 2008 Auditing to keep the audit data on a database other than the one being audited?
We are planning on using the new auditing feature in SQL Server 2008. Is there a way to configure the auditing component to insert audit data to a separate database? ...
Track changes to a sharepoint list item
We are developing a system using SharePoint 2010 Foundataion. We would like to track all changes made to a list. What is the best way to do this? ...
Tracking changes on instances of a class and their associations - thoughts?
Hi all. I have a class Question which has a lot of assocated models. On one page on my app i list a summary of all the current questions, with various info from associated records. Ultimately this is a hash of values that i then just print out into a csv-style row (i'll call this the 'row hash' from hereon) I now have a requirement t...
Good resources for writing a Authentication/Authorization system
Are there any good books, blogs, wiki's, etc, on coding security systems? and standards that should be followed? I'm specifically interested in writing Access Control (DAC, MAC, RBAC) and auditing. I think I have a solid working understanding of DAC due to my experience with *nix systems. But I don't know what goes into implementing thes...
Issue with NHibernate auditing and inherited classes
I have an Animal class that implements IDomainObject. There is another class, Cat, that inherits from Animal. I'm using a Table Per Subclass inheritance strategy for my NHibernate mappings and map the CreatedDate and LastModified properties to columns in the Animal table and to columns in the Cat table. I also use a PreUpdate event hand...
NHibernate Audit Interceptor - current and previous values match when auditing a collection
Hi, I'm auditing certain values using a NHibernate Audit Inteceptor - I have inherited from the EmptyInteceptor and overridden the OnFlushDirty public override bool OnFlushDirty(object entity, object id, object[] currentState, object[] previousState, string[] propertyNames, IType[] types) { For the most part the currentState and ...
How to manage object revisions in Grails?
I need to implement a revision system for articles in my grails web app. After searching grails forum, stackoverflow, grails plugins and googling internet, I have ended up with 3 options: Option 1 - Using the grails Envers plugin (see http://code.google.com/p/grails-envers-plugin/). Has anyone used it successfully? Or using Envers with...
How to log user operations for a asp.net application ?
How can we log user operations for a asp.net application. Further what is the approach for saving the log data ? Kindly guide. ...