Some developer/administrator leaves setting of OS or application on default mode which is not secure at all. Poorly configured security controls could allow malicious user to change your website, obtain unauthorized access, compromise files, or perform other unintended action.
What to configure:
- OS
- Web/App Server
- DBMS
- Applications
- Third party framework
- Attack on Confidentiality
- Attack on Integrity
- Attack on Availability
- Keep OS updated
- Keep third party application up to date.
- Change default username and password.
- Disable directory listings if they are not necessary, or set access controls.
- Delete unnecessary files such as configuration or install file.
- Use strong encryption for anything sensitive.
No comments:
Post a Comment