Server Application Hardening, unlike other system centric hardening, focuses on using the application rather than the application itself. Server to server and client to server transactions must remain secure. Like roadworks and policing, a route between destinations that are both secure does not mean the route itself is. Have a current application inventory and know what systems are used, how they are used, and the traffic they do and do not accept. Be wary of legacy cryptographic elements and dependent legacy systems. Consider both internal and external transactions and evaluate a Web Application Firewall solution. Undertake vulnerability assessments against applications.