Tomcat Security

Amongst Java application servers, Apache Tomcat is unique in that it is the only server for which the Center for Internet Security has publicly released security hardening guidelines. The CIS publishes such guidelines for a range of widely used software applications, with the aim of helping protect deployments from a variety of security risks.
 
The aim of this article is to help you assess the security of your Tomcat installation. Is your Tomcat secure? Hardening Tomcat means editing web.xml, server.xml, and logging.properties, but the work is actually quite painless. I suggest you begin by downloading the Center for Internet Security's report, which runs to 56 pages. To make it manageable, I'd like to divide the process into a number of actionable steps.
 
Step 1. Systems Administrators are machines that turn coffee into cutting-edge servers, so start by getting some coffee. You are in for a ride.
Step 2. Download the CIS's security guidelines here. (Go to Applications -> Apache Tomcat Server.)
Step 3. Skip to page 9.
Step 4. Follow the step-by-step instructions.
Step 5. During the audit, note your divergence from the guidelines.
Step 6. Apply the suggested remediation steps.
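Step 5 is easier if the comparison against the guidelines is scripted rather than done by eye. The following Python script is an added example, not code from this post or from the CIS document: it parses a Tomcat server.xml and reports divergences on a handful of items of the kind the benchmark covers (shutdown port and command, the HTTP TRACE method, the X-Powered-By header, automatic deployment, access logging). The selection of checks and the wording of the findings are mine, and both server.xml samples are constructed for illustration; the benchmark itself is the authority on the full list and its exact wording.

```python
"""Audit a Tomcat server.xml for a handful of CIS-style hardening items.

Added example. The checks below are a small, hand-picked selection of the
kind of item the CIS Apache Tomcat Benchmark covers; item numbers, exact
wording and the complete list belong to the benchmark document itself.
"""
import xml.etree.ElementTree as ET

# Constructed sample: roughly what a fresh install ships, with two insecure
# attributes (allowTrace, xpoweredBy) switched on to give the audit something to find.
DEFAULT_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443" allowTrace="true" xpoweredBy="true"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
      </Host>
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: the same file after remediation.
HARDENED_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="-1" shutdown="NOT-USED-PORT-DISABLED">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true"
            autoDeploy="false" deployXML="false">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""


def _is_true(value, default: str) -> bool:
    """Interpret a Tomcat boolean attribute, falling back to Tomcat's documented default."""
    return (value if value is not None else default).strip().lower() == "true"


def audit_server_xml(xml_text: str) -> list:
    """Return one human-readable finding per divergence; an empty list means clean.

    server.xml is the administrator's own file, so the stdlib parser is adequate;
    do not point this function at XML from an untrusted source.
    """
    root = ET.fromstring(xml_text)
    findings = []

    # Shutdown listener: Tomcat defaults to port 8005 and the command "SHUTDOWN".
    if root.get("port", "8005") != "-1" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append('Server: shutdown port is open with the default command "SHUTDOWN"; '
                        'set port="-1" or use a non-default command')

    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if _is_true(conn.get("allowTrace"), "false"):
            findings.append(f'Connector {port}: allowTrace="true" enables the HTTP TRACE method; '
                            'remove it (the default is false)')
        if _is_true(conn.get("xpoweredBy"), "false"):
            findings.append(f'Connector {port}: xpoweredBy="true" adds an X-Powered-By header '
                            'that identifies the servlet engine; remove it')

    for host in root.iter("Host"):
        name = host.get("name", "?")
        if _is_true(host.get("autoDeploy"), "true"):
            findings.append(f'Host {name}: autoDeploy defaults to true; set autoDeploy="false" '
                            'so only deliberately deployed applications run')
        if _is_true(host.get("deployXML"), "true"):
            findings.append(f'Host {name}: deployXML defaults to true; set deployXML="false" '
                            "so a WAR's embedded META-INF/context.xml is ignored")

    # Access logging may be configured on the Host or the Engine, so look everywhere.
    if not any("AccessLogValve" in v.get("className", "") for v in root.iter("Valve")):
        findings.append("No AccessLogValve configured; enable access logging so requests can be reviewed")

    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        result = audit_server_xml(text)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run against a real installation by reading conf/server.xml into `audit_server_xml`; each finding maps onto a remediation step of the kind Step 6 asks you to apply. The function returns findings rather than printing them so the same checks can feed a configuration-management test or a CI job.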
 
Comments on this post:

Sure!


Can you please add a link to the CIS security guidelines?
