Securing On-premises Hosted Services

- You must harden web servers and applications, ensuring that only the minimum set of secure applications is hosted.
- Every web service MUST be SSL-certificate enabled.
- Thoroughly test web-based applications for any security flaw using the guidelines from the Open Web Application Security Project (OWASP), shared separately and published on the RISA website.
- You must implement security controls like reverse proxy authentication, which provides an added layer of security for enterprise applications.
- Every web application MUST be controlled by a web application firewall for added security of web services.
- All internet-facing servers MUST be placed in the DMZ.
- You must segregate development and testing environments and activities from production environments and activities.