We are currently doing some security check for DC RUM / NAM and are asked if CAS is using one of these features:
- Server Side Includes (SSI)
I assume that none of these is used and I didn't found anything in <CAS>/wwwroot/WEB-INF/web.xml or related data files. Anybody knows if one of these is used?
Solved! Go to Solution.
None of these is used on CAS or AMD.
When preparing for security tests, please remember to go through the hardening advice (https://www.dynatrace.com/support/doc/nam/data-privacy-and-security/configuration/hardening-dc-rum) and double check the OS on both AMD and CAS. It happens that scans raise lots of warnings which point at vulnerabilities of the OS on which CAS sits, but security teams attribute them to the CAS as a whole.