Then the organisation either needs to get in someone to replace the missing
employee, train up a person, or stop using that application.
What happens if the server crashes? If there is a bug? You need to update
certificates?
What happens if you had a security incident? The sever gets hacks and any
records on it stolen. Who would handle that?
If your security team don't understand tomcat, they'll have no idea of how to
respond as there is no SME.
On 22/1/21, 2:39 pm, "Nitin Kadam" <nitinkadam1...@gmail.com> wrote:
Hi Darryl - The person who builds this is no more with the organization and
in his absence, I have been asked to handle this, I am from a windows
administrator background.
We only have couple of web apps hosted so no frequent changes happened.
There
On Thu, Jan 21, 2021 at 8:49 PM Darryl Lewis <darryl.le...@unsw.edu.au>
wrote:
> How do you run and support a server technology you know nothing about?
> Someone must have built it, installed it, and support it.
>
> On 22/1/21, 1:25 am, "Nitin Kadam" <nitinkadam1...@gmail.com> wrote:
>
> Hi Team,
>
> The internal security team reported below as Security findings. We do
> not
> have anyone from a Tomcat background and for same we need to know the
> best
> steps to resolve this issue.
>
> "Delete the default index page and remove the example JSP and
servlets.
> Follow the Tomcat or OWASP instructions to replace or modify the
> default
> error page."
>
> this is fiding from the Nessus tool, It would be great if someone
helps
> with steps to resolve.
>
> APache tomcat version: 8.5.38
> Operating system: Windows Server 2012 R2
>
>
> --
> Regards
> Nitin Kadam
> (9967688959)
>
>
--
Regards
Nitin Kadam
(9967688959)
