### Monitoring and Alerting Best Practices
```javascript
// Dependencies the original listing leaves implicit: an Express app for the
// report endpoint and axios for the periodic header audits.
const express = require('express');
const axios = require('axios');

const app = express();
// Browsers send report-uri violations with Content-Type: application/csp-report;
// express.json() ignores that media type unless it is listed explicitly.
app.use(express.json({ type: ['application/json', 'application/csp-report'] }));

class SecurityHeadersMonitoring {
  constructor() {
    this.metrics = {
      violations: new Map(),
      changes: [],
      scores: []
    };
  }

  setupMonitoring() {
    // CSP violation monitoring
    app.post('/csp-report', (req, res) => {
      // Guard against empty or non-CSP bodies so a bad request cannot crash the handler
      const violation = (req.body && req.body['csp-report']) || {};
      this.recordViolation(violation);
      // Alert on suspicious patterns
      if (this.isSuspiciousViolation(violation)) {
        this.sendAlert('Suspicious CSP violation detected', violation);
      }
      res.status(204).end();
    });
    // Regular header audits
    setInterval(() => this.auditHeaders(), 3600000); // Every hour
  }

  recordViolation(violation) {
    // Aggregate by directive and blocked URI so repeated reports count once per key
    const directive = violation['effective-directive'] || violation['violated-directive'] || '';
    const key = `${directive}|${violation['blocked-uri'] || ''}`;
    this.metrics.violations.set(key, (this.metrics.violations.get(key) || 0) + 1);
  }

  isSuspiciousViolation(violation) {
    const suspiciousPatterns = [
      /eval|inline/i,
      /data:text\/javascript/i,
      /javascript:/i
    ];
    const blockedUri = violation['blocked-uri'] || '';
    return suspiciousPatterns.some(pattern => pattern.test(blockedUri));
  }

  async auditHeaders() {
    const endpoints = [
      'https://example.com',
      'https://api.example.com',
      'https://admin.example.com'
    ];
    for (const endpoint of endpoints) {
      try {
        const response = await axios.get(endpoint);
        // axios exposes response header names in lower case
        const score = this.calculateSecurityScore(response.headers);
        this.metrics.scores.push({
          endpoint,
          score,
          timestamp: new Date()
        });
        if (score < 80) {
          this.sendAlert(`Low security score (${score}) for ${endpoint}`);
        }
      } catch (error) {
        this.sendAlert(`Failed to audit ${endpoint}: ${error.message}`);
      }
    }
  }

  calculateSecurityScore(headers) {
    // Presence-based weighting; the weights are illustrative, not from the chapter
    const weights = {
      'strict-transport-security': 25,
      'content-security-policy': 30,
      'x-content-type-options': 15,
      'x-frame-options': 15,
      'referrer-policy': 15
    };
    return Object.entries(weights)
      .reduce((score, [name, weight]) => score + (headers[name] ? weight : 0), 0);
  }

  calculateAverageScore() {
    const scores = this.metrics.scores;
    if (scores.length === 0) return 0;
    return scores.reduce((sum, entry) => sum + entry.score, 0) / scores.length;
  }

  generateRecommendations() {
    // Flag every endpoint whose most recent audit scored below the alert threshold
    const latest = new Map();
    for (const entry of this.metrics.scores) latest.set(entry.endpoint, entry);
    return [...latest.values()]
      .filter(entry => entry.score < 80)
      .map(entry => `Review security headers on ${entry.endpoint} (score ${entry.score})`);
  }

  analyzeTrends() {
    // Compare first and last recorded scores to show the overall direction
    const scores = this.metrics.scores;
    if (scores.length < 2) return { direction: 'insufficient-data', delta: 0 };
    const delta = scores[scores.length - 1].score - scores[0].score;
    return { direction: delta > 0 ? 'improving' : delta < 0 ? 'degrading' : 'stable', delta };
  }

  sendAlert(message, details) {
    // Minimal sink; wire this to your paging or chat integration
    console.error(`[ALERT] ${message}`, details || '');
  }

  generateReport() {
    const report = {
      summary: {
        totalViolations: this.metrics.violations.size,
        averageScore: this.calculateAverageScore(),
        recentChanges: this.metrics.changes.slice(-10)
      },
      recommendations: this.generateRecommendations(),
      trends: this.analyzeTrends()
    };
    return report;
  }
}
```
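The handler above only understands the legacy `csp-report` body that `report-uri` produces. The following is an added example, not code from the chapter, showing how a report endpoint can normalise violations from both that legacy format and the Reporting API batch format used by `report-to`, classify each one, and aggregate repeats for threshold alerting. The sample bodies are constructed, and the function names, field defaults and the alert threshold are choices made for this illustration.

```javascript
// Added example: normalise, classify and aggregate CSP violation reports.

// Turn one request body into a list of violation records.
// contentType is the request's Content-Type header; rawBody is the raw JSON text.
function normalizeCspReports(contentType, rawBody) {
  const mediaType = String(contentType || '').split(';')[0].trim().toLowerCase();
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (err) {
    return []; // malformed bodies are dropped instead of crashing the endpoint
  }

  // Legacy report-uri format: one report per request, wrapped in "csp-report"
  // with hyphenated field names.
  if (mediaType === 'application/csp-report') {
    const r = parsed && parsed['csp-report'];
    if (!r || typeof r !== 'object') return [];
    return [{
      documentUrl: r['document-uri'] || '',
      blockedUrl: r['blocked-uri'] || '',
      directive: r['effective-directive'] || r['violated-directive'] || '',
      disposition: r['disposition'] || 'enforce',
      sample: r['script-sample'] || ''
    }];
  }

  // Reporting API format: an array of reports of mixed types; only
  // "csp-violation" entries matter here, with camelCase field names.
  if (mediaType === 'application/reports+json') {
    if (!Array.isArray(parsed)) return [];
    return parsed
      .filter(rep => rep && rep.type === 'csp-violation' && rep.body)
      .map(rep => ({
        documentUrl: rep.body.documentURL || '',
        blockedUrl: rep.body.blockedURL || '',
        directive: rep.body.effectiveDirective || '',
        disposition: rep.body.disposition || 'enforce',
        sample: rep.body.sample || ''
      }));
  }

  return []; // unknown media type: nothing to record
}

// Browsers report "inline" and "eval" as the blocked URL for inline-script and
// eval violations, and reduce non-HTTP schemes to the bare scheme name
// ("data", "blob"), so patterns such as /data:text\/javascript/ never match.
function classifyViolation(v) {
  const blocked = v.blockedUrl.toLowerCase();
  if (/^javascript(:|$)/.test(blocked)) return 'suspicious';
  const isScriptDirective = v.directive.startsWith('script-src');
  if (isScriptDirective && /^(inline|eval|data|blob)(:|$)/.test(blocked)) return 'suspicious';
  return 'benign';
}

// Count violations per directive/blocked-URL pair and return the pairs that
// reached the threshold: a burst of identical reports points to a broken
// policy or an injection attempt rather than isolated noise.
function aggregateViolations(violations, threshold = 2) {
  const counts = new Map();
  for (const v of violations) {
    const key = `${v.directive}|${v.blockedUrl}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  const alerts = [...counts.entries()]
    .filter(([, count]) => count >= threshold)
    .map(([key, count]) => ({ key, count }));
  return { counts, alerts };
}

// Constructed sample bodies (not captured from a real browser).
const LEGACY_BODY = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://example.com/checkout',
    'blocked-uri': 'inline',
    'effective-directive': 'script-src',
    'violated-directive': 'script-src',
    'disposition': 'enforce',
    'script-sample': 'document.cookie'
  }
});
const REPORTING_API_BODY = JSON.stringify([
  { type: 'csp-violation', age: 10, url: 'https://example.com/',
    body: { documentURL: 'https://example.com/', blockedURL: 'https://cdn.example.net/analytics.js',
            effectiveDirective: 'script-src', disposition: 'report' } },
  { type: 'deprecation', age: 5, url: 'https://example.com/', body: {} },
  { type: 'csp-violation', age: 3, url: 'https://example.com/',
    body: { documentURL: 'https://example.com/', blockedURL: 'eval',
            effectiveDirective: 'script-src', disposition: 'enforce' } },
  { type: 'csp-violation', age: 1, url: 'https://example.com/checkout',
    body: { documentURL: 'https://example.com/checkout', blockedURL: 'inline',
            effectiveDirective: 'script-src', disposition: 'enforce' } }
]);

function runSample() {
  const violations = [
    ...normalizeCspReports('application/csp-report; charset=utf-8', LEGACY_BODY),
    ...normalizeCspReports('application/reports+json', REPORTING_API_BODY)
  ];
  const labels = violations.map(classifyViolation);
  const { alerts } = aggregateViolations(violations);
  return { violations, labels, alerts };
}

console.log(JSON.stringify(runSample(), null, 2));
```

With the sample bodies this yields four violations, three labelled suspicious, and a single threshold alert for the repeated `script-src|inline` pair; the `deprecation` report is ignored. The legacy `inline`/`eval` values and the Reporting API's camelCase fields are why normalising first, then classifying, is more robust than matching regexes against the raw body.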
Implementing security headers effectively requires avoiding common mistakes while following established best practices. Success comes from understanding the impact of each header, implementing progressive enhancement strategies, maintaining consistent policies across your application, and establishing robust monitoring systems. Remember that security is an iterative process—start with basic protections, monitor their effectiveness, and gradually enhance your security posture based on real-world data and evolving threats.

## Advanced Security Headers and Future Standards
The landscape of web security continuously evolves as new threats emerge and browser capabilities expand. This chapter explores cutting-edge security headers, experimental features, and emerging standards that represent the future of web security. Understanding these advanced concepts positions developers to implement next-generation security measures and prepare for upcoming changes in the security header ecosystem.