Server Tier
Security of the server, the frameworks and web content.
Types Of Concerns
Server Patching
Default Features
Extra Applications
Old Code And Backups
Server Patching
Front-end and back-end servers must be fully patched.
Default Features
Some web servers ship with default functionality that may need to be removed or restricted to authorized personnel only.
Tomcat - /manager, etc.
JBoss - /jmx-console, etc.
Apache - /server-status, etc.
Extra Applications
Default server installations may come with built-in applications.
PhpMyAdmin, Django Admin, etc.
Old Code And Backups
There could be old code and backups inside the application root folder.
File prefixes: ~, ., etc.
File suffixes: ~, .bck, .bac, .back, .tar.gz, .tar.bz2, etc.
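A defender-side check for the leftover-file problem above, added here as an example and not part of the original slides: it walks a document root and reports every file or directory whose name carries one of the prefixes or suffixes listed (it also adds .bak/.old/.orig/.zip and hidden directories such as .git, and assumes an allowlist containing only .htaccess). The sample tree it scans is constructed in a temporary directory.

```python
import os
import tempfile

# Markers from the slide (plus .bak/.old/.orig/.zip, added here as common
# equivalents): editor temp files, hidden files and archived copies that
# should never sit under a served document root.
BACKUP_PREFIXES = ("~", ".")
BACKUP_SUFFIXES = ("~", ".bck", ".bac", ".back", ".tar.gz", ".tar.bz2",
                   ".bak", ".old", ".orig", ".zip")
# Assumed allowlist: dotfiles that legitimately live in an Apache webroot.
ALLOWED_DOTFILES = {".htaccess"}


def classify(name):
    """Return why a file/dir name looks like a leftover, or None if clean."""
    if name in ALLOWED_DOTFILES:
        return None
    if name.startswith(BACKUP_PREFIXES):
        return "prefix " + name[0]
    for suffix in BACKUP_SUFFIXES:
        if name.endswith(suffix):
            return "suffix " + suffix
    return None


def find_leftovers(webroot):
    """Walk webroot; return sorted (relative path, reason) for suspicious entries."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        # Hidden directories (.git, .svn) are checked too: a served VCS
        # directory exposes the whole source history.
        for name in dirnames + filenames:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                hits.append((rel, reason))
    return sorted(hits)


def build_sample_webroot():
    """Constructed sample tree for the demo, not a real deployment."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "inc"))
    for rel in ("index.php", ".htaccess", "index.php~", "inc/config.php.bak",
                "site-2023.tar.gz", ".git/HEAD", "inc/db.php.bck"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    for path, why in find_leftovers(build_sample_webroot()):
        print(f"{path}: {why}")
```

Run it against a real document root (replace the constructed tree with the server's path) and treat every hit as a file to delete or move outside the served directory.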
Lab
Let's see if we can find some of these problems.