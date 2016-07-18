Where is your application hosted?

The application is only as secure as the server hosting it. A vulnerability within the server could be a gateway into application data or an entry point into your organization.

There are a number of factors to consider when examining the security of the server behind your application. Look out for news about zero-day attacks related to the server and any software versions that are running on it. Maintain a regular patching schedule to reduce the risk that these threats pose.

Another way to prevent an attacker from gaining access is to understand the configuration of your server and services. Then, make changes where necessary to bolster the security of your system. This includes ensuring that unique, secure passwords or keys are in use for all services running on the server. The default Raspberry Pi Debian image, for example, has the same SSH keys across all downloads. As such, it's important to regenerate these keys before use. Additionally, ensure that your server is configured so that the application is using SSL/TLS with secure ciphers.