Domain 11 / 12
Operations & Resilience security audit
See attacks coming, keep tamper-proof logs, and recover fast — even from ransomware.
- 32 checks
- Logging · Monitoring · Backups · Availability · Recovery
What securmyapp checks
Inside the Operations & Resilience domain
This is the Operations & Resilience domain of securmyapp — the free, open-source, 100% defensive security auditor for Claude Code that runs 598 checks across 12 domains. The Operations & Resilience domain covers detection and recovery. securmyapp verifies that security events are logged, that logs are immutable and free of sensitive data, and that alerting and correlation are in place — then checks that backups are regular, encrypted, immutable and, crucially, restore-tested, so you can recover from an incident or a ransomware event.
Coverage areas
32 atomic checks span these sub-domains.
Logging
Security-event logging, immutable/WORM logs, no sensitive data logged.
Monitoring
Centralization, retention, alerting and anomaly correlation.
Backups
Regular, encrypted, off-site and immutable (3-2-1) backups.
Recovery
Periodic restore tests that prove backups actually work.
Availability
Resilience against disruption and resource exhaustion.
Forensics
Time synchronization for reliable incident correlation.
Example checks
A sample of the real checks run in this domain — each mapped to a standard and a fix.
| Check | Severity | Detects | Reference |
|---|---|---|---|
| Security event logging | High | Missing logs for auth, access, errors and sensitive actions. | A09:2021 · ASVS V16 · NIST AU-2 |
| Log protection & integrity | High | Modifiable logs that let attackers erase their traces. | ASVS V16 · NIST AU-9 |
| Regular & encrypted backups | High | Missing or cleartext backups. | NIST CP-9 · CSF PR.IP-4 |
| Backup restore testing | High | Untested backups that fail exactly when you need them. | NIST CP-9 · CP-10 |
| Backup immutability (anti-ransomware) | High | Modifiable backups a ransomware operator can destroy. | NIST CP-9 · MITRE T1486 |
| Alerting on critical events | High | No alerts on root usage, auth failures or config changes. | NIST SI-4 · CIS AWS |
Vulnerabilities we catch
- Missing security-event logging (OWASP A09:2021)
- Mutable logs that allow attackers to erase their tracks
- Sensitive data (PII, secrets) written to logs
- Missing, cleartext or never-tested backups
- Mutable backups with no anti-ransomware immutability
- No alerting or correlation on critical security events
How remediation works and standards
Detect → explain → fix → verify
How remediation works here
Every finding in this domain is explained in plain language with its reference, fixed with a concrete change to the exact file and line, committed as a reversible Git commit, then re-checked in a real browser against a healthy baseline — so a security fix never breaks your app.
Standards behind this domain
Mapped to recognized references
- OWASP WSTG
- OWASP ASVS 5.0
- OWASP API Top 10
- OWASP MASVS 2.1
- CIS Benchmarks
- MITRE ATT&CK
- CWE
FAQ
Operations & Resilience — questions & answers
Why does logging matter for security?
Insufficient logging and monitoring is OWASP A09:2021. Without security-event logs, immutable storage and alerting, breaches go undetected for months — securmyapp verifies all three.
Does it check that backups actually work?
Yes. Beyond requiring regular, encrypted, off-site backups, it checks for periodic restore testing and immutability (3-2-1), so recovery is possible during a real incident or ransomware attack.
What does it look for in monitoring?
Log centralization and retention (90+ days), alerting on critical events like root usage and config changes, and anomaly-correlation rules that shorten detection time.
Related domains
Get started
Audit your app in the next five minutes
Clone the skill into ~/.claude/skills/, then ask Claude to audit your app (or type /securmyapp). The full audit starts on its own.
git clone https://github.com/mafady/securmyapp ~/.claude/skills/securmyapp
View on GitHub Browse the domains
New to Claude Code? Follow the step-by-step getting started guide.
Requires Node.js 18+, Claude Code, and a paid Claude subscription. Semgrep & Playwright recommended.