SEC06-04 Configuring Application Security
Configurations of applications must be hardened to eliminate security vulnerabilities and risks caused by improper security configurations.
- Risk level
High
- Key strategies
Harden security configurations and configure web attack protection for the applications used in your workloads, such as Nginx, Tomcat, Apache, Jetty, JBoss, PHP, and Redis, by referring to security configuration specifications.
- Privilege escalation, such as capability privilege escalation, suid file privilege escalation, scheduled task privilege escalation, and sudo file configuration privilege escalation
- Users for running services. For example, grant the users who run services only the minimum permissions, and do not run services as the root user.
- Protection against common web attacks, such as SQL injection, XSS, file inclusion, directory traversal, sensitive file access, command and code injection, Trojans, and third-party vulnerability exploits
- Related cloud services and tools
- Host Security Service (HSS)
- Web Application Firewall (WAF)
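
The following audit sketch is an added example, not part of the original guidance or of any cloud service. It checks three of the items listed under the key strategies (services run by root, sudo file configuration, and SUID files) against text snapshots collected from a host. The service process names, the SUID baseline, and all sample data are assumptions constructed for illustration, and findings are candidates for review rather than confirmed misconfigurations.

```python
import re

# Assumed process names for applications the page lists; adjust to your hosts.
SERVICE_NAMES = {"nginx", "httpd", "redis-server", "php-fpm", "java"}
# Assumed baseline of SUID binaries expected on the OS image.
SUID_BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}

def root_run_services(ps_output):
    """Service processes owned by root, from `ps -eo user=,comm=` output."""
    found = []
    for line in ps_output.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "root" and fields[1].strip() in SERVICE_NAMES:
            found.append(fields[1].strip())
    return found

def nopasswd_principals(sudoers_text):
    """Users or %groups granted NOPASSWD rules in sudoers-format text."""
    found = []
    for line in sudoers_text.splitlines():
        rule = line.strip()
        if not rule or rule.startswith(("#", "Defaults")):
            continue  # comments, include directives and Defaults lines
        if re.search(r"\bNOPASSWD\s*:", rule):
            found.append(rule.split()[0])
    return found

def unexpected_suid(find_output):
    """SUID files outside the baseline, from `find / -xdev -perm -4000 -type f`."""
    paths = {p.strip() for p in find_output.splitlines() if p.strip()}
    return sorted(paths - SUID_BASELINE)

# Constructed sample snapshots (not taken from a real host).
PS_SAMPLE = "root nginx\nwww-data nginx\nroot redis-server\ntomcat java\nroot sshd\n"
SUDOERS_SAMPLE = """# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
deploy ALL=(ALL) NOPASSWD: ALL
%ops ALL=(root) /usr/bin/systemctl restart nginx
"""
SUID_SAMPLE = "/usr/bin/passwd\n/usr/bin/sudo\n/usr/local/bin/backup-helper\n"

if __name__ == "__main__":
    print("services running as root:", root_run_services(PS_SAMPLE))
    print("NOPASSWD sudo rules for:", nopasswd_principals(SUDOERS_SAMPLE))
    print("SUID files outside baseline:", unexpected_suid(SUID_SAMPLE))
```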