Perform an Inventory of Your Web Applications
Organized as though you think your company may be, you probably don’t have a very clear idea about which applications it relies on on a daily basis. In fact, most organizations have many rogue applications running at any given time and never notice them until something goes wrong. You can’t hope to maintain effective web application security without knowing precisely which applications your company uses.
How many are there? Where are they located? Performing such an inventory can be a big undertaking, and it is likely to take some time to complete. While performing it, make a note of the purpose of each application. Chances are that when it is all said and done, there will be many applications that are either redundant or completely pointless. This inventory will come in handy for the steps that are to follow too, so take your time and make sure to get every single application.