Security Audit Checklist
Comprehensive security audit checklist based on CIS and NIST frameworks.
Assess web application security with OWASP-aligned controls. Click each item to cycle through Pass / Fail / Not Assessed and get a risk report.
HTTPS / TLS encryption enforced everywhere
Transport • Risk weight: 9/9
Strong authentication (MFA, password policy)
Access Control • Risk weight: 9/9
Input validation on all forms and APIs
Input Handling • Risk weight: 8/9
SQL injection prevention (parameterized queries)
Injection • Risk weight: 9/9
XSS prevention (output encoding, CSP)
Injection • Risk weight: 8/9
CSRF protection on state-changing requests
Session • Risk weight: 7/9
Security headers configured (CSP, X-Frame-Options, etc.)
Headers • Risk weight: 6/9
Dependencies scanned for known vulnerabilities
Supply Chain • Risk weight: 7/9
Rate limiting on authentication and APIs
Availability • Risk weight: 6/9
Secrets management (no hardcoded keys)
Configuration • Risk weight: 8/9
Security logging and monitoring
Monitoring • Risk weight: 6/9
Data encryption at rest
Data Protection • Risk weight: 7/9
Principle of least privilege (RBAC)
Access Control • Risk weight: 7/9
Backups tested and encrypted
Resilience • Risk weight: 6/9
Tool Information
Category: Legal and Compliance
Type: ⚡ Processed in the browser