Other Basic Precautions
1) Utilize software/hardware firewalls to control access to applications.
2) With a small user base, limit exposure to the users' domains/IP addresses to reduce the risk of being probed.
3) Investigate a VPN to connect to an Intranet instead of exposing your application to the Internet.
4) Ensure all data transferred to/from the site is encrypted.
   - The only way to access the site is via HTTPS.
5) Make sure that the Application Server is hardened.
   - Remove unnecessary/unused components.
     - Demo/example software that comes with most Application Servers, including Oracle.
6) Strictly control access to servers and source code.