Securing a hosted WAPT server
Published: April 21, 2021 - 9:43 AM
Hello,
After testing WAPT Community (v1.8), we would like to integrate it into our infrastructure via a hosted VPS solution.
However, I have a few security questions:
- When accessing the server's web page, the agent and agentdeploy files (as well as the command with the hash) are visible to anyone (especially if deployed on a VPS infrastructure). Is it possible to disable the downloading of these agents or at least the display of the command that provides the hash? I can already see rogue PCs integrating into our database.
- Is the hash always provided in the agentdeploy command with Kerberos-type authentication?
- What other security methods can be implemented with the community version on a hosted server?
Thank you for your answers,
Best regards,
Adrian.
After testing WAPT Community (v1.8), we would like to integrate it into our infrastructure via a hosted VPS solution.
However, I have a few security questions:
- When accessing the server's web page, the agent and agentdeploy files (as well as the command with the hash) are visible to anyone (especially if deployed on a VPS infrastructure). Is it possible to disable the downloading of these agents or at least the display of the command that provides the hash? I can already see rogue PCs integrating into our database.
- Is the hash always provided in the agentdeploy command with Kerberos-type authentication?
- What other security methods can be implemented with the community version on a hosted server?
Thank you for your answers,
Best regards,
Adrian.