Developers build web applications and deploy them to a server.
Later they do the same in production.
This leads to potential security issues.
Things to consider/do
1. Use Charles Web Proxy to check all of the site's traffic during testing.
   1. Make sure that there are no 404- or 500-related issues.
   2. Identify duplicate calls.
   3. Minimize / reduce service calls.
   4. Protect important data.
2. Out of the box, many servers come with many URLs for managing them.
   Identify them all from the admin manual and protect them with strict passwords.
3. Never expose admin URLs outside the network.
4. Undeploy sample applications, examples, and settings from production servers.
In the end, attackers will get access to your system through default passwords, or
they can carry out a denial-of-service (DoS) attack.
Converting an out-of-the-box Tomcat into a production-ready one is called the “hardening process”.
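
The list items above on admin URLs, sample applications and default passwords can be checked against a Tomcat installation directory. The following Python is an added example, not part of the original post; the application names, the weak-password list and the sample directory layout are constructed assumptions to adapt to your Tomcat version.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed names of webapps shipped with a stock Tomcat; confirm in your version's manual.
SAMPLE_APPS = {"examples", "docs"}
ADMIN_APPS = {"manager", "host-manager"}
# Assumed list of placeholder/weak passwords to flag; extend per your own policy.
WEAK_PASSWORDS = {"", "tomcat", "admin", "password", "s3cret", "changeit", "<must-be-changed>"}

def audit_tomcat(catalina_home):
    """Return a sorted list of hardening findings for one Tomcat directory."""
    findings = []
    webapps = os.path.join(catalina_home, "webapps")
    if os.path.isdir(webapps):
        for name in os.listdir(webapps):
            base = name[:-4] if name.endswith(".war") else name
            if base in SAMPLE_APPS:
                findings.append(f"sample webapp deployed: {base}")
            elif base in ADMIN_APPS:
                findings.append(f"admin webapp present (restrict access): {base}")
    users_file = os.path.join(catalina_home, "conf", "tomcat-users.xml")
    if os.path.isfile(users_file):
        # ElementTree drops XML comments, so commented-out users are ignored.
        for elem in ET.parse(users_file).getroot().iter():
            if elem.tag.rsplit("}", 1)[-1] != "user":  # strip XML namespace
                continue
            user = elem.get("username") or elem.get("name") or "?"
            password = elem.get("password", "")
            if password in WEAK_PASSWORDS or password == user:
                findings.append(f"weak or default password for user: {user}")
    return sorted(findings)

def build_sample_install(root):
    """Create a constructed (not real) Tomcat layout to run the audit on."""
    for app in ("examples", "manager", "shop"):
        os.makedirs(os.path.join(root, "webapps", app))
    os.makedirs(os.path.join(root, "conf"))
    with open(os.path.join(root, "conf", "tomcat-users.xml"), "w") as fh:
        fh.write('<tomcat-users xmlns="http://tomcat.apache.org/xml">\n'
                 '  <!-- <user username="role1" password="tomcat" roles="role1"/> -->\n'
                 '  <user username="admin" password="admin" roles="manager-gui"/>\n'
                 '  <user username="deploy" password="k9!vT2#qLm7x" roles="manager-script"/>\n'
                 '</tomcat-users>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_install(tmp)
        for finding in audit_tomcat(tmp):
            print(finding)
```

Run it with the real installation path in place of the temporary directory; an empty result means none of these specific checks fired, not that the server is fully hardened.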