You must harden web servers and web applications so that only applications meeting the minimum security baseline are hosted.
Every web service MUST be served over HTTPS with a valid TLS (commonly still called SSL) certificate; plain HTTP must not expose the service.
Thoroughly test every web-based application for security flaws using the guidelines of the Open Web Application Security Project (OWASP), which are shared separately and published on the RISA website.
You must implement security controls such as reverse proxy authentication, which places an additional authentication layer in front of enterprise applications so that unauthenticated requests never reach the application itself.
Every web application MUST be protected by a web application firewall (WAF) placed in front of it.
All internet-facing servers MUST be placed in the DMZ, with only the required ports opened towards the internal network.
You must segregate development and testing environments and activities from production environments and activities; no development or testing work may take place on production systems or with production data.
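As an added example (not from this policy or from RISA's published material), the following nginx front-end configuration shows how the HTTPS requirement and the reverse proxy authentication requirement above can be enforced on an internet-facing host in the DMZ: plain HTTP only redirects to HTTPS, every request is checked against an authentication service before it is forwarded, and only the proxy talks to the application server on the internal network. Hostnames, addresses, certificate paths and the authentication service endpoint are placeholders assumed for the example.

```nginx
# Added example configuration; names, paths and addresses are placeholders.

# Plain HTTP exists only to redirect clients to HTTPS.
server {
    listen 80;
    server_name app.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.org;

    # Certificate and key issued for app.example.org (placeholder paths).
    ssl_certificate     /etc/ssl/certs/app.example.org.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/app.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;

    # Reverse proxy authentication: each request is first sent to the
    # internal /_auth subrequest. Only a 2xx answer from the authentication
    # service lets the request through; 401 sends the client to the login page.
    location / {
        auth_request /_auth;
        auth_request_set $auth_user $upstream_http_x_auth_user;
        error_page 401 = @login;

        # Application server on the internal network (placeholder address);
        # it must not be reachable from the internet directly.
        proxy_pass http://10.0.10.20:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Auth-User $auth_user;
    }

    # Authentication subrequest; "internal" prevents clients calling it directly.
    location = /_auth {
        internal;
        proxy_pass http://127.0.0.1:9090/verify;   # placeholder auth service
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Cookie $http_cookie;
    }

    location @login {
        return 302 https://login.example.org/?rd=$scheme://$host$request_uri;
    }
}
```

The `auth_request` directive needs nginx built with the `ngx_http_auth_request_module` (enabled in most distribution packages); check with `nginx -V`. The authentication service at `/verify` is assumed to validate the session cookie and answer 200 with an `X-Auth-User` header, or 401 otherwise. A WAF (for example a ModSecurity module loaded into this same nginx instance) would sit in the same front end, so the only path to the application server from the internet runs through TLS, the authentication check and the WAF.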