Build a more secure foundation for web applications¶

• Remove all unnecessary web server modules. A lot of web servers by default come with several modules that introduce security risks.

• Modify default configuration settings.

• Install and run a web application firewall (WAF). Most web servers support the open-source ModSecurity firewall.

• If possible, either patch server software to the latest version automatically or turn on notifications for manual patching.