Web Application Security 101 - 10 Server Tier

•

0 likes•277 views

The document discusses security concerns for the server tier, including ensuring servers and frameworks are fully patched, removing default features with broad access, restricting or removing extra applications, and deleting old code and backup files that could pose security risks if exposed. It provides examples of default features, applications, and files to watch out for, and suggests reviewing servers for potential problems.

Software

Server Tier
Security of the server, the frameworks and web content.

Types Of Concerns
Server Patching
Default Features
Extra Applications
Old Code And Backups

Server Patching
Front-end and back-end servers must be fully patched.

Default Features
Some web servers may come with default functionalities, which may
need to be removed or restricted to authorized personal only.
Tomcat - /manager, etc.
JBoss - /jmx-console, etc.
Apache - /server-status, etc.

Extra Applications
Default server installations may come with built-in applications.
PhpMyAdmin, Django Admin, etc.

Old Code And Backups
There could be old code and backups inside the application root folder.
File prefixes: ~, ., etc.
File suffixes: ~, .bck, .bac, .back, .tar.gz, tar.bz2, etc.

Lab
Let's see if we can find some of these problems.

Viewers also liked

Chapter14 Windows Server 2003 Security FeaturesRaja Waseem Akhtar

Web Server Security Guidelineswebhostingguy

SQL Server: SecurityLearnNowOnline

Web Server Web Site SecuritySteven Cahill

Server VirtualizationSiddharth Bhatt

Server Virtualizationrjain51

Client server security threatsrahul kundu

Introduction to Computer NetworkingAmit Saha

ServersSrinath Dhayalamoorthy

Basic Server PPT (THDC)Vineet Pokhriyal

Virtualization 101: Everything You Need To Know To Get Started With VMwareDatapath Consulting

Server Virtualization Concepts & FeaturesRagesh R Nair

Basic concepts of computer NetworkingHj Habib

Viewers also liked (13)

Chapter14 Windows Server 2003 Security Features

Web Server Security Guidelines

SQL Server: Security

Web Server Web Site Security

Server Virtualization

Client server security threats

Introduction to Computer Networking

Servers

Basic Server PPT (THDC)

Virtualization 101: Everything You Need To Know To Get Started With VMware

Server Virtualization Concepts & Features

Basic concepts of computer Networking

Similar to Web Application Security 101 - 10 Server Tier

Introduction to Apache Tomcat 7 PresentationTomcat Expert

bjhbjMohammedNasser364522

WE18_Performance_Up.pptwebhostingguy

Java troubleshooting thread dumpejlp12

Vulnerabilities on Various Data Processing LevelsPositive Hack Days

Performance Tuning - MuraCon 2012eballisty

Vulnerabilities in data processing levelsbeched

CONFidence 2018: Attacking web servers via run time configuration (Eldar "Wir...PROIDEA

Jira Rev002Rich Helton

Jboss Tutorial BasicsAnandraj Kulkarni

Os Mcmahanoscon2007

Web Applications and DeploymentBG Java EE Course

Profiling PHP with Xdebug / WebgrindSam Keen

Hibernate java and_oracleKrishnakanth Goud

Performance_Up.pptwebhostingguy

Content Storage With Apache JackrabbitJukka Zitting

WebSphere Technical University: Top WebSphere Problem Determination FeaturesChris Bailey

Get to Know AtoM's CodebaseArtefactual Systems - AtoM

Securing Apache Web ServersInformation Technology

IT Operations for Web DevelopersMahmoud Said

Similar to Web Application Security 101 - 10 Server Tier (20)

Introduction to Apache Tomcat 7 Presentation

bjhbj

WE18_Performance_Up.ppt

Java troubleshooting thread dump

Vulnerabilities on Various Data Processing Levels

Performance Tuning - MuraCon 2012

Vulnerabilities in data processing levels

CONFidence 2018: Attacking web servers via run time configuration (Eldar "Wir...

Jira Rev002

Jboss Tutorial Basics

Os Mcmahan

Web Applications and Deployment

Profiling PHP with Xdebug / Webgrind

Hibernate java and_oracle

Performance_Up.ppt

Content Storage With Apache Jackrabbit

WebSphere Technical University: Top WebSphere Problem Determination Features

Get to Know AtoM's Codebase

Securing Apache Web Servers

IT Operations for Web Developers

Recently uploaded

Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.

Professional Resume Template for Software DevelopersVinodh Ram

What is Fashion PLM and Why Do You Need ItWave PLM

办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea

Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ

Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin

Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.

Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700

Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran

EY_Graph Database Powered SustainabilityNeo4j

The Evolution of Karaoke From Analog to App.pdfPower Karaoke

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.

Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ

Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq

Recently uploaded (20)

Advancing Engineering with AI through the Next Generation of Strategic Projec...

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

Professional Resume Template for Software Developers

What is Fashion PLM and Why Do You Need It

办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样

Cloud Data Center Network Construction - IEEE

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide

Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

Unveiling Design Patterns: A Visual Guide with UML Diagrams

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...

Intelligent Home Wi-Fi Solutions | ThinkPalm

EY_Graph Database Powered Sustainability

The Evolution of Karaoke From Analog to App.pdf

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data

Cloud Management Software Platforms: OpenStack

Salesforce Certified Field Service Consultant