[Owasp-leaders] [Owasp-community] Bug Hunting at OWASP.org
achim at owasp.org
Thu Feb 11 17:08:01 UTC 2016
vuln scanning a productive system, which also uses only off the shelf
software? IMHO this is a bad idea.
As the wiki uses no customized tools, there should only be known
vulnerabilities, which then is a task for patch management (which prerequests
continous monitoring, obviously).
When a vulnerability is identified, the corresponding module or whetever must
be disabled, immediately. It's better to have a ugly than an insecure website.
KISS - keep it simple secure
On 11.02.2016 17:15, Eoin Keary wrote:
> I would be happy to see if we can onboard the OWASP wiki into edgescan continuous vulnerability management if that helps?
> Eoin Keary
> OWASP Volunteer
More information about the OWASP-Leaders