Follow these steps during installation and configuration
to ensure your AppScan® Enterprise
instance is secure.
Procedure
- During configuration, choose a certificate specific to
your organization in the Server Certificate dialog.
- To secure IIS on the Enterprise Console Server:
  - Disable WebDAV.
  - Disable EnableTraceMethod. This setting determines
    whether IIS recognizes the HTTP TRACE method. The TRACE method is
    used to invoke a remote, application-layer loop-back of a request
    message. TRACE allows a client to see what is being received at the
    other end of the request chain and use that data for testing and
    debugging.
    Note: Do not leave EnableTraceMethod enabled
    on a production system, because it can reveal backend server address
    information to a malicious user.
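
One way to confirm the two IIS steps above took effect on a server you administer. This is an added example, not part of the product documentation. The function names, the `X-Hardening-Check` marker header and the sample replies are assumptions constructed for illustration.

```python
import socket
import ssl

# WebDAV extension methods defined by RFC 4918.
WEBDAV_VERBS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def trace_enabled(raw, marker):
    """TRACE is live if the server answers 200 and loops the request back."""
    status, headers, body = parse_response(raw)
    looped = headers.get("content-type", "").startswith("message/http")
    return status == 200 and (looped or marker.encode() in body)

def webdav_exposed(raw):
    """WebDAV is live if OPTIONS advertises a DAV header or any DAV verb."""
    _, headers, _ = parse_response(raw)
    verbs = set()
    for name in ("allow", "public"):
        verbs.update(v.strip().upper() for v in headers.get(name, "").split(","))
    return "dav" in headers or bool(verbs & WEBDAV_VERBS)

def probe(host, method, marker, port=443):
    """Send one request (TRACE or OPTIONS) and return the raw reply bytes."""
    request = (f"{method} / HTTP/1.1\r\nHost: {host}\r\n"
               f"X-Hardening-Check: {marker}\r\nConnection: close\r\n\r\n").encode()
    context = ssl.create_default_context()  # validates the server certificate
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            return b"".join(iter(lambda: tls.recv(4096), b""))

# Constructed sample replies (not captured from a real server).
TRACE_ON = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
            b"TRACE / HTTP/1.1\r\nX-Hardening-Check: ase-check-1\r\n\r\n")
TRACE_OFF = b"HTTP/1.1 501 Not Implemented\r\nContent-Length: 0\r\n\r\n"
DAV_ON = (b"HTTP/1.1 200 OK\r\nDAV: 1,2,3\r\n"
          b"Public: OPTIONS, GET, HEAD, POST, PROPFIND, LOCK\r\n\r\n")
DAV_OFF = b"HTTP/1.1 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST\r\n\r\n"
```

Against a live console server, pass the output of `probe(host, "TRACE", marker)` to `trace_enabled` and the output of `probe(host, "OPTIONS", marker)` to `webdav_exposed`; both should return `False` after hardening.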