The scope of infrastructure or platform security covers the operating system, virtualization, Docker, web services, databases, and secure communication.
A review of infrastructure security includes identifying known vulnerable components and checking for secure configurations and secure communication protocols:
| Infrastructure/platform security | Description | Open source tools and resources |
|---|---|---|
| Known vulnerable components | Using components with known vulnerabilities (CVEs) is one of the OWASP Top 10 threats. If a component is exploited, the application can be exposed to remote injection or data leakage security risks. | |
| Secure configuration | Secure configuration ensures that the OS, web, virtualization, and databases are configured securely, such as password complexity, removal of default settings, or disabling unnecessary... | |