S1. Have security requirements been carefully defined and the system implementation evaluated against those requirements? Has a security expert reviewed the system design and implementation? Have all system components been hardened?
S2. Is WAS global security on? Have WAS sample certificates been replaced with self-signed certificates or certificates from a legitimate Certificate Authority?
S3. If you are concerned about the trustworthiness of your application code in the infrastructure, have you turned Java 2 security on? Has testing been done, and are all necessary policy files intact and accurate?
S4. Has any form of ethical hacking been done, at a minimum by turning some of the more “creative” employees loose on the system?
S5. Have ...