[Owasp-leaders] [Owasp-community] Bug Hunting at OWASP.org

Achim achim at owasp.org
Thu Feb 11 17:08:01 UTC 2016


Vuln scanning a productive system, which also uses only off-the-shelf
software? IMHO this is a bad idea.

As the wiki uses no customized tools, there should only be known
vulnerabilities, which then is a task for patch management (which has
continuous monitoring as a prerequisite, obviously).

When a vulnerability is identified, the corresponding module or whatever must
be disabled, immediately. It's better to have an ugly than an insecure website.

KISS - keep it simple secure
Achim

On 11.02.2016 17:15, Eoin Keary wrote:
> I would be happy to see if we can onboard the OWASP wiki into edgescan continuous vulnerability management if that helps?
> 
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
