Domain 11 / 12

Operations & Resilience security audit

See attacks coming, keep tamper-proof logs, and recover fast — even from ransomware.

  • 32 checks
  • Logging · Monitoring · Backups · Availability · Recovery

Run the audit See example checks

What securmyapp checks

Inside the Operations & Resilience domain

This is the Operations & Resilience domain of securmyapp — the free, open-source, 100% defensive security auditor for Claude Code that runs 598 checks across 12 domains. The Operations & Resilience domain covers detection and recovery. securmyapp verifies that security events are logged, that logs are immutable and free of sensitive data, and that alerting and correlation are in place — then checks that backups are regular, encrypted, immutable and, crucially, restore-tested, so you can recover from an incident or a ransomware event.

Coverage areas

32 atomic checks span these sub-domains.

  • Logging

    Security-event logging, immutable/WORM logs, no sensitive data logged.

  • Monitoring

    Centralization, retention, alerting and anomaly correlation.

  • Backups

    Regular, encrypted, off-site and immutable (3-2-1) backups.

  • Recovery

    Periodic restore tests that prove backups actually work.

  • Availability

    Resilience against disruption and resource exhaustion.

  • Forensics

    Time synchronization for reliable incident correlation.

Example checks

A sample of the real checks run in this domain — each mapped to a standard and a fix.

Example Operations & Resilience security checks with severity, what they detect, and their standard reference.
CheckSeverityDetectsReference
Security event loggingHighMissing logs for auth, access, errors and sensitive actions.A09:2021 · ASVS V16 · NIST AU-2
Log protection & integrityHighModifiable logs that let attackers erase their traces.ASVS V16 · NIST AU-9
Regular & encrypted backupsHighMissing or cleartext backups.NIST CP-9 · CSF PR.IP-4
Backup restore testingHighUntested backups that fail exactly when you need them.NIST CP-9 · CP-10
Backup immutability (anti-ransomware)HighModifiable backups a ransomware operator can destroy.NIST CP-9 · MITRE T1486
Alerting on critical eventsHighNo alerts on root usage, auth failures or config changes.NIST SI-4 · CIS AWS

Vulnerabilities we catch

  • Missing security-event logging (OWASP A09:2021)
  • Mutable logs that allow attackers to erase their tracks
  • Sensitive data (PII, secrets) written to logs
  • Missing, cleartext or never-tested backups
  • Mutable backups with no anti-ransomware immutability
  • No alerting or correlation on critical security events

How remediation works and standards

Detect → explain → fix → verify

How remediation works here

Every finding in this domain is explained in plain language with its reference, fixed with a concrete change to the exact file and line, committed as a reversible Git commit, then re-checked in a real browser against a healthy baseline — so a security fix never breaks your app.

Standards behind this domain

Mapped to recognized references

  • OWASP WSTG
  • OWASP ASVS 5.0
  • OWASP API Top 10
  • OWASP MASVS 2.1
  • CIS Benchmarks
  • MITRE ATT&CK
  • CWE

FAQ

Operations & Resilience — questions & answers

Why does logging matter for security?

Insufficient logging and monitoring is OWASP A09:2021. Without security-event logs, immutable storage and alerting, breaches go undetected for months — securmyapp verifies all three.

Does it check that backups actually work?

Yes. Beyond requiring regular, encrypted, off-site backups, it checks for periodic restore testing and immutability (3-2-1), so recovery is possible during a real incident or ransomware attack.

What does it look for in monitoring?

Log centralization and retention (90+ days), alerting on critical events like root usage and config changes, and anomaly-correlation rules that shorten detection time.

Get started

Audit your app in the next five minutes

Clone the skill into ~/.claude/skills/, then ask Claude to audit your app (or type /securmyapp). The full audit starts on its own.

Install — one command
git clone https://github.com/mafady/securmyapp ~/.claude/skills/securmyapp

View on GitHub Browse the domains

New to Claude Code? Follow the step-by-step getting started guide.

Requires Node.js 18+, Claude Code, and a paid Claude subscription. Semgrep & Playwright recommended.