Security best practices¶
Avoid information leakage¶
Rather than directly attacking a server, attackers will first run discovery tasks to steal publicly accessible data off the server.
There are many types of sensitive information that you should protect from attackers, including system data, configuration, secrets, intellectual property and an individual’s personal (private) information.
On test/dev/staging/pre-prod environments, if needed only, make sure to ask support team to add with authorized IPs using Apache.
1<Location /adminer.php> 2 Require all denied 3</Location> 4 5<Location /app_dev.php> 6 Require all denied 7</Location>
Found a typo or a hole in the documentation and feel like contributing?
Join us on Github!