Our centralized logging will undergo some vulnerability tests by third party auditors.
I want to know whether following security issues does exist with ELK.? How to test them?
- XML external entity injection : Does it possible in case of HTTP logstash input?
- Denial of Service attack vulnerability
- Persistent cross-site scripting
- Reflected Cross-Site Scripting