19 Aug
Basic monitoring of web applications (http headers, HSTS)
I would like to set up some basic monitoring of outgoing traffic for a number of web applications and APIs running in AWS. E.g.
- Ensure specific HTTP headers are in place (Content-Security-Policy and Strict-Transport-Security must be present and meet some minimum requirements),
- Detect use of SSL/TLS ciphers not in a curated allowed list.
I am aware that AWS Security Hub provides baseline security checking that, if it allowed customization (which it currently does not), would have been a perfect solution.
What tool or service would you recommend to meet the above monitoring requirements, in- or outside of AWS?
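
The two checks listed in the question, sketched as an added example that is not part of the original post: it evaluates a response's HSTS and CSP headers and the negotiated cipher name against a policy. The thresholds, required directives, forbidden sources and cipher list are all assumptions standing in for the "minimum requirements" and "curated allowed list", which the post does not specify.

```python
# Added example. Every threshold and list below is an assumed policy, not from the post.
MIN_HSTS_MAX_AGE = 15768000  # seconds (assumption)
REQUIRED_CSP = {"default-src"}  # directives that must exist (assumption)
FORBIDDEN_CSP_SOURCES = {"'unsafe-inline'", "'unsafe-eval'"}  # assumption
ALLOWED_CIPHERS = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                   "ECDHE-RSA-AES128-GCM-SHA256"}  # OpenSSL names (assumption)

def check_hsts(value):
    if value is None:
        return ["HSTS header missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:  # directive names are case-insensitive; values may be quoted
            directives.setdefault(name.strip().lower(), arg.strip().strip('"'))
    findings = []
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        findings.append("HSTS max-age missing or not numeric")
    elif int(max_age) < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {max_age} below minimum")
    if "includesubdomains" not in directives:
        findings.append("HSTS includeSubDomains missing")
    return findings

def check_csp(value):
    if value is None:
        return ["CSP header missing"]
    policy = {}
    for directive in value.split(";"):
        tokens = directive.lower().split()  # lowercased only for keyword matching
        if tokens:
            policy.setdefault(tokens[0], tokens[1:])  # first occurrence wins
    findings = [f"CSP lacks {d}" for d in sorted(REQUIRED_CSP - policy.keys())]
    for name, sources in policy.items():
        findings += [f"CSP {name} allows {s}"
                     for s in sorted(FORBIDDEN_CSP_SOURCES.intersection(sources))]
    return findings

def audit(headers, cipher):
    """headers: response headers; cipher: name from ssl.SSLSocket.cipher()[0]."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = check_hsts(h.get("strict-transport-security"))
    findings += check_csp(h.get("content-security-policy"))
    if cipher not in ALLOWED_CIPHERS:
        findings.append(f"cipher {cipher} not in allowed list")
    return findings

# Constructed sample response, not captured from a real service.
SAMPLE = {"Strict-Transport-Security": "max-age=300",
          "Content-Security-Policy": "script-src 'self' 'unsafe-inline'"}
print(audit(SAMPLE, "ECDHE-RSA-AES128-SHA"))
```

The cipher check only sees the one suite negotiated on a given connection, so covering everything a server accepts means repeating the handshake with different client offers.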