Security best practices for apps in Splunk Cloud Platform and Splunk Enterprise
As you design your Splunk app, be sure to reference the security guidelines listed below. Splunk recommends following these guidelines.
- Implement security in your software development lifecycle.
- Review the OWASP Top Ten List.
- Review the OWASP Secure Coding Practices Quick Reference Guide.
- For apps with a user interface, use a dynamic scanner such as OWASP ZAP to scan web application components for vulnerabilities.
- Ensure all third-party components are up-to-date and have no outstanding CVE vulnerabilities.
- Manually test your application with the controls listed in the OWASP Security Testing Guide.
Ensure proper resource shutdown or release. In the code example below, if an attacker can cause an error in either the `open()` or `readline()` call, they could create a denial of service by consuming resources that are never released.
```python
if not os.path.exists(full_path):
    self.doAction(full_path, header)
else:
    f = open(full_path)
    # If readline() raises, the line below never runs and the handle leaks
    oldORnew = f.readline().split(",")
    f.close()
```
Fixing the problem requires the use of a `try`/`except`/`finally` block. Code in the `finally` block is always run, under all conditions. If there are no errors, it is called once the `try` block is complete. If an exception is caught, the `finally` block runs after code in the `except` block.
```python
if not os.path.exists(full_path):
    self.doAction(full_path, header)
else:
    f = None  # so that finally can tell whether open() succeeded
    try:
        f = open(full_path)
        oldORnew = f.readline().split(",")
    except Exception:
        # handle the error
        pass
    finally:
        # Always runs: release the handle whether or not an error occurred
        if f is not None:
            f.close()
```
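The following is an added example, not code from the Splunk documentation: it puts the leaky pattern and the `try`/`except`/`finally` fix side by side as functions, injects a constructed file object whose `readline()` always fails, and lets you observe which version actually releases the handle. It also shows the equivalent guarantee from a `with` statement, which the page does not cover. The `FailingFile` class, the `opener` parameter and the temp-file helper are assumptions made for the demonstration.

```python
import os
import tempfile


class FailingFile:
    """Constructed stand-in for a file whose readline() always fails,
    simulating the error path described on the page."""

    def __init__(self):
        self.closed = False

    def readline(self):
        raise OSError("simulated read error")

    def close(self):
        self.closed = True


def read_header_leaky(full_path, opener=open):
    """Unfixed pattern: if readline() raises, close() is never reached."""
    f = opener(full_path)
    old_or_new = f.readline().split(",")
    f.close()
    return old_or_new


def read_header_safe(full_path, opener=open):
    """try/except/finally pattern: close() runs whether or not an error occurs.
    f starts as None so that finally also copes with opener() itself failing."""
    f = None
    try:
        f = opener(full_path)
        return f.readline().split(",")
    except Exception:
        return None  # handle the error; the handle is released in finally
    finally:
        if f is not None:
            f.close()


def read_header_with(full_path):
    """Same guarantee via a context manager: the with block closes on every exit."""
    with open(full_path) as f:
        return f.readline().split(",")


def make_sample_file(text="old,new"):
    """Creates a small constructed CSV-like file for the happy-path check."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path
```

Run `read_header_leaky` and `read_header_safe` with an opener that returns a `FailingFile` and compare the `closed` flag afterwards; only the safe version (and the `with` form) leaves it `True`.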