Beyond the scope of this guide
When evaluating the security of your application, also consider the following items which are beyond the scope of this guide. Some of these items, particularly as they relate to network and infrastructure, are addressed in the Security Hardening Guide for WebSphere Application Server.
-
Basic system security
-
physical access
-
operating system access
-
disaster recovery
-
-
Basic application security
- inducing outages, hangs, or crashes – effectively equivalent to denial of service (DoS)
-
Security for front-end and back-end applications
-
External security manager
-
database
-
LDAP
-
-
Network / web attacks
-
DoS / DDoS – Denial of Service / Distributed Denial of Service – sometimes called flood attacks.
-
Firewalls
-
-
Cloud
-
Training users
-
Social engineering attacks
-
Installing software on clients (keystroke loggers, etc.)
-