1. Maintenance and monitoring is iterative process undertaken after initial deployment of the application
  2. It includes set of activities that are being carried out to continuously maintain the security of web hosting environment. These activities allows to keep application up-to-date concerning the emerging vulnerabilities
  3. The maintenance activities should be carried out at various level of web hosting environment
    – OS level
    – Web server level
    – Application level
  4. The purpose of implementing the maintenance should be to modify the product without affecting its integrity

Security Maintenance Activities at OS Level

  1. Maintain Test server and Production server separately
  2. Look for the latest OS level security updates, patches, and hotfixes released continuously and apply them time to time
  3. Monitor and analyze system level logs
  4. Take backup of the data and OS regularly
  5. Monitor the antivirus software to ensure updates are applied and functioning properly
  6. Ensure OS permissions of all system folders are intact
  7. Scan and update the system with the latest antivirus scan engine/virus definitions regularly
  8. Ensure that spam/hacked services are not present by inspecting default start-up state of system services
  9. Monitor background processes and startup items to prevent from malware infections continuously

Security Maintenance Activities at Web Container Level

  1. Continuously look for the latest versions, security updates, patches and apply the time to time
  2. Monitor and analyze Web container logs
  3. Ensure that configured web container security features are intact
  4. Scan the web server periodically for identifying vulnerabilities and misconfigurations
  5. Perform the penetration testing periodically to assess the effectiveness of existing security features

Security Maintenance Activities at Application Level

  • Scan the application periodically for identifying vulnerabilities and misconfigurations
  • Perform the penetration testing periodically to assess the effectiveness of existing security features
  • Patch the application for vulnerabilities discovered
  • Maintain backup of public websites

Module Summary

  • Security should be the critical consideration while deploying any application
  • JAVA web application secure deployment involves ensuring security at various levels from bottom to top
  • Administrator should ensure the physical security of a host machine, its OS security, and security of the all other software installed on the machine
  • A Web Application Firewall (WAF) provides a security layer that protects the web server from malicious traffic
  • Administrator should ensure secure setting of the web server (Apache Tomcat, Jboss(WildFly))
  • Administrator should configure and check the deployment security settings in both Server.xml and web.xml files carefully
  • Maintenance and monitoring is an iterative process undertaken after the initial deployment of the application