====== Security Checklist (KRITIS/NIS2) ======

**Version:** 2.0\\
**Scope:** Crypto, memory safety, availability, information disclosure, secure error handling.

Comprehensive security checklist based on CWE vulnerabilities and attack patterns.

===== Cryptographic Security =====

^ Check ^ CWE ^ Description ^
| [ ] Nonce Uniqueness | CWE-323 | AES-GCM nonce unique per encryption (CRITICAL!) |
| [ ] Nonce Tracking | CWE-323 | Track used nonces, enforce MAX_NONCES_PER_KEY |
| [ ] Key Rotation | CWE-323 | Rotate key after nonce limit reached |
| [ ] Cryptographic RNG | CWE-330 | OpenSSL/OS CSPRNG for keys/nonces |
| [ ] Random IDs | CWE-330 | No sequential key/session IDs |
| [ ] Constant-time Comparison | CWE-208 | For secrets, MACs, tokens, API keys |
| [ ] Replay Protection | CWE-294 | Nonce/timestamp/sequence tracking |
| [ ] Channel Encryption | CWE-300 | mTLS for external communication |

===== Memory Security =====

^ Check ^ CWE ^ Description ^
| [ ] Memory Zeroization | CWE-316 | Clear secrets after use |
| [ ] No Secrets in Logs | CWE-532 | Never log keys, passwords, tokens |
| [ ] Secure String Handling | CWE-316 | SecureString (C#), secrecy (Rust) |
| [ ] Key Material Cleared | CWE-316 | try-finally ensures cleanup on exception |

===== Input Validation =====

^ Check ^ CWE ^ Description ^
| [ ] Size Limits | CWE-400 | MAX_PAYLOAD_SIZE enforced (default: 64KB) |
| [ ] Integer Overflow | CWE-190 | SafeAdd(), checked_add(), checked arithmetic |
| [ ] Null Checks | CWE-476 | At all API boundaries |
| [ ] No Unwrap on Input | CWE-248 | Proper error handling, no panic on malformed data |
| [ ] Parameterized Queries | CWE-89 | Never string concatenation for SQL |
| [ ] Character Validation | - | Whitelist for identifiers where appropriate |

===== Error Handling =====

^ Check ^ CWE ^ Description ^
| [ ] Sanitized Messages | CWE-209 | No paths/versions/stack traces to client |
| [ ] Full Error Logging | - | Log complete error internally before sanitizing |
| [ ] No Panic in Service | CWE-248 | Graceful error recovery, service stays up |
| [ ] Stack Trace Preserved | - | Re-throw without wrapping |

===== Availability (DoS Protection) =====

^ Check ^ CWE ^ Description ^
| [ ] Rate Limiting | CWE-400 | Token bucket per client/endpoint |
| [ ] Request Size Limits | CWE-400 | Reject oversized payloads early |
| [ ] Lock Safety | CWE-667 | Lock recovery mechanism |
| [ ] Resource Cleanup | CWE-772 | try-finally, using, defer, RAII - always |
| [ ] Timeout Handling | CWE-400 | Timeouts on all external operations |

===== Thread Safety =====

^ Check ^ CWE ^ Description ^
| [ ] Lock Poisoning Handled | CWE-667 | Recovery from poisoned locks |
| [ ] No Race Conditions | CWE-362 | Thread-safe data structures |
| [ ] Atomic Operations | CWE-362 | For counters, flags, shared state |
| [ ] Deadlock Prevention | CWE-833 | Lock ordering, timeouts |

===== Audit & Compliance =====

^ Check ^ Standard ^ Description ^
| [ ] All Modifications Logged | ISO 27001 A.12.4 | Data changes with user, timestamp, old/new value |
| [ ] Security Events Logged | NIS2 Art. 21 | Failed auth, rate limiting, suspicious input |
| [ ] Log File Rotation | - | Incremental format |
| [ ] No Sensitive Data in Logs | CWE-532 | Audit for accidental exposure |

===== Quick Reference - By Attack Type =====

**Cryptographic Attacks:**

  * [ ] Nonce reuse prevented
  * [ ] Timing attacks mitigated (constant-time compare)
  * [ ] Replay attacks blocked
  * [ ] Key enumeration prevented (random IDs)

**Input Attacks:**

  * [ ] Buffer overflow prevented (size limits)
  * [ ] Integer overflow prevented
  * [ ] Malformed input handled
  * [ ] SQL injection prevented

**Availability Attacks:**

  * [ ] Resource exhaustion prevented (rate limiting)
  * [ ] Lock poisoning handled
  * [ ] Memory exhaustion prevented

**Information Disclosure:**

  * [ ] Error messages sanitized
  * [ ] Secrets zeroized after use
  * [ ] No sensitive data in logs

----

  * No exec/shell_exec/system calls
  * No eval() calls
  * Output escaping
  * SQL injection prevention
  * CSRF protection

----

//Version: 2.0 (Split)//\\
//Author: Wolfgang van der Stille//

Back to [[start|Security Checklists]] | [[..:start|Review Checklists]]

~~DISCUSSION:off~~