Security issue and ELK?


(Sunil Chaudhari) #1

Hello,
Our centralized logging will undergo some vulnerability tests by third party auditors.
I want to know whether following security issues does exist with ELK.? How to test them?

  1. XML external entity injection : Does it possible in case of HTTP logstash input?
  2. Denial of Service attack vulnerability
  3. Persistent cross-site scripting
  4. Reflected Cross-Site Scripting

br,
Sunil


(Sunil Chaudhari) #2

Hello,
Can anybody put thought on this?


(system) #3