cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is CAS using WebDav, CGI or SSI?

We are currently doing some security check for DC RUM / NAM and are asked if CAS is using one of these features:

- WebDAV

- CGI

- Server Side Includes (SSI)

I assume that none of these is used and I didn't found anything in <CAS>/wwwroot/WEB-INF/web.xml or related data files. Anybody knows if one of these is used?


Dynatrace Consultant and Center of Excellence Expert
1 REPLY 1

Krzysztof_Ziemi
Dynatrace Pro
Dynatrace Pro

None of these is used on CAS or AMD.

When preparing for security tests, please remember to go through the hardening advice (https://www.dynatrace.com/support/doc/nam/data-privacy-and-security/configuration/hardening-dc-rum) and double check the OS on both AMD and CAS. It happens that scans raise lots of warnings which point at vulnerabilities of the OS on which CAS sits, but security teams attribute them to the CAS as a whole.