Hardening Servers like Tomcat, Play, Spring, Apache, JBoss, WebLogic, etc.

Development teams build web applications and deploy them to a server with its default configuration.
Later they deploy the same way in production.
This leads to potential security issues.

Things to consider/do

1. Use Charles Web Proxy and inspect the entire traffic of the site during testing:
   1. Make sure there are no 404- or 500-related issues.
   2. Identify duplicate calls.
   3. Minimize / reduce service calls.
   4. Protect important data.

2. Out of the box, many servers come with a number of URLs used to manage them.
Identify all of them through the admin manual and protect them with strong passwords.
Never expose admin URLs outside the network.

3. Perform a port scan and protect the respective ports through firewall rules or by other means.
https://nmap.org/
https://nmap.org/download.html#windows

4. Undeploy sample applications, examples and default settings from production servers.

Otherwise attackers will eventually gain access to your system through default passwords,
or they can mount a denial-of-service (DoS) attack.
Reference: https://en.wikipedia.org/wiki/Denial-of-service_attack

Converting an out-of-the-box Tomcat into a production-ready one is called the “hardening process”.
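As an added example (not part of the original post), the following POSIX shell script performs a read-only audit of a Tomcat install directory for two items from the list above: default webapps that should be undeployed (item 4, plus the manager and host-manager apps from item 2) and placeholder passwords in conf/tomcat-users.xml. It assumes the standard CATALINA_HOME layout (webapps/, conf/tomcat-users.xml); the directory tree and the placeholder-password list are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit example; assumes the standard CATALINA_HOME layout.

# Print the Tomcat-shipped webapps still present under $1/webapps, one per line.
tomcat_sample_apps() {
  for app in examples docs host-manager manager; do
    [ -d "$1/webapps/$app" ] && echo "$app"
  done
  return 0
}

# Print usernames in conf/tomcat-users.xml whose password is a well-known placeholder.
# The placeholder list is constructed for this demo; extend it with your own forbidden values.
tomcat_weak_users() {
  grep -E '<user ' "$1/conf/tomcat-users.xml" 2>/dev/null \
    | grep -E 'password="(tomcat|admin|password|s3cret|changeit)"' \
    | sed -E 's/.*username="([^"]*)".*/\1/'
  return 0
}

# Print one FINDING line per problem; exit status is the number of findings (0 = clean).
tomcat_audit() {
  n=0
  for a in $(tomcat_sample_apps "$1"); do
    echo "FINDING: default webapp still deployed: webapps/$a"
    n=$((n+1))
  done
  for u in $(tomcat_weak_users "$1"); do
    echo "FINDING: placeholder password for user '$u' in conf/tomcat-users.xml"
    n=$((n+1))
  done
  return $n
}

# Build a constructed demo tree resembling a fresh install and print its path.
make_demo_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/webapps/ROOT" "$d/webapps/examples" "$d/webapps/manager" "$d/webapps/shop" "$d/conf"
  cat > "$d/conf/tomcat-users.xml" <<'EOF'
<tomcat-users>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="ops" password="Xk9#q2Lm!v8Rt" roles="manager-gui"/>
</tomcat-users>
EOF
  echo "$d"
}

DEMO=$(make_demo_tree)
if tomcat_audit "$DEMO"; then echo "no findings"; else echo "not production ready"; fi
rm -rf "$DEMO"
```

Run it against a real install with `tomcat_audit /path/to/CATALINA_HOME`; a non-zero exit status means the server still carries defaults that item 2 and item 4 tell you to remove.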
Reference:
https://www.owasp.org/index.php/Securing_tomcat
https://www.insinuator.net/2014/01/tomcat-7-hardening-guide/
https://geekflare.com/apache-tomcat-hardening-and-security-guide/
-o-
