Securing On-premises Hosted Services
- You must harden web servers and apps, ensuring that only the minimum set of secure applications is hosted
- Every web service MUST have an SSL certificate enabled
- Thoroughly test web-based applications for any security flaws using the guidelines from the Open Web Application Security Project (OWASP), which are shared separately and published on the RISA website
- You must implement security controls such as reverse proxy authentication, which provides an added layer of security for enterprise applications
- Every web application MUST be controlled by a web application firewall to add security for web services
- All internet-facing servers MUST be placed in the DMZ
- You must segregate development/testing environment/activities from production environment/activities