The audit of a web platform, or host, should be conducted in conjunction with the audit of the web server and web application(s). Please see Chapters 6 and 7 on Unix or Windows if one of those applies for the audit of the platform. The following steps are intentionally general and cover the common issues found in web servers and applications. These steps will suffice for most audits.
Keep in mind that if the following steps don't fit with your intentions, then you need to review Chapter 10 on Auditing Applications. That chapter is intentionally geared toward conceptually breaking down complex or infrequent audits.
Note | The platform portion of the audit is as important as the audit of the web server and the web applications. Please refer to the Chapters 6 and 7 on auditing Unix or Windows servers for this portion of the audit. |