<div>
<div class="content wysiwyg-content">
Anyone can point me to hardening guides (for latest or second latest versions) of the 
above middleware, ideally from NIST or CIS or SANS (as these are more 'formalized'). 
If there's none from these sources, can consider other sources 
 
 
So far found 
 
JBoss: 
nothing yet 
 
Websphere: 
<a href="http://www.ibm.com/developerworks/websphere/techjournal/1004_botzum/1004_botzum.html" rel="ugc">http://www.ibm.com/developerworks/websphere/techjournal/1004_botzum/1004_botzum.html</a> 
<a href="http://www.ibm.com/developerworks/websphere/zones/was/security/#hardening" rel="ugc">http://www.ibm.com/developerworks/websphere/zones/was/security/#hardening</a> 
 
WebLogic: 
<a href="http://docs.oracle.com/cd/E15523_01/web.1111/e13707/toc.htm" rel="ugc">http://docs.oracle.com/cd/E15523_01/web.1111/e13707/toc.htm</a> 
<a href="http://docs.oracle.com/cd/E15523_01/web.1111/e13713/toc.htm" rel="ugc">http://docs.oracle.com/cd/E15523_01/web.1111/e13713/toc.htm</a> 
 
IIS: 
<a href="https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.servers.web.iis" rel="ugc">https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.servers.web.iis</a>&nbsp; 
IIS 8: <a href="https://technet.microsoft.com/en-us/magazine/dn236383.aspx" rel="ugc">https://technet.microsoft.com/en-us/magazine/dn236383.aspx</a> 
IIS 8.5: <a href="http://windows.microsoft.com/en-us/windows-8/internet-information-services-iis-8-5" rel="ugc">http://windows.microsoft.com/en-us/windows-8/internet-information-services-iis-8-5</a>
</div>
</div>

Anyone can point me to hardening guides (for latest or second latest versions) of the
above middleware, ideally from NIST or CIS or SANS (as these are more 'formalized').
If there's none from these sources, can consider other sources


So far found

JBoss:
nothing yet

Websphere:
http://www.ibm.com/developerworks/websphere/techjournal/1004_botzum/1004_botzum.html
http://www.ibm.com/developerworks/websphere/zones/was/security/#hardening

WebLogic:
http://docs.oracle.com/cd/E15523_01/web.1111/e13707/toc.htm
http://docs.oracle.com/cd/E15523_01/web.1111/e13713/toc.htm

IIS:
https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.servers.web.iis 
IIS 8: https://technet.microsoft.com/en-us/magazine/dn236383.aspx
IIS 8.5: http://windows.microsoft.com/en-us/windows-8/internet-information-services-iis-8-5

NIST, CIS &amp; SANS hardening guides for JBOSS, Weblogic, Websphere, IIS

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from Enhydra.org, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.

Java App Servers

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

NIST, CIS &amp; SANS hardening guides for JBOSS, Weblogic, Websphere, IIS

NIST, CIS & SANS hardening guides for JBOSS, Weblogic, Websphere, IIS