[Owasp-leaders] [Owasp-community] Bug Hunting at OWASP.org
Achim
achim at owasp.org
Thu Feb 11 17:08:01 UTC 2016
vuln scanning a productive system, which also uses only off the shelf
software? IMHO this is a bad idea.
As the wiki uses no customized tools, there should only be known
vulnerabilities, which then is a task for patch management (which presupposes
continuous monitoring, obviously).
When a vulnerability is identified, the corresponding module or whatever must
be disabled, immediately. It's better to have an ugly than an insecure website.
KISS - keep it simple secure
Achim
On 11.02.2016 17:15, Eoin Keary wrote:
> I would be happy to see if we can onboard the OWASP wiki into edgescan continuous vulnerability management if that helps?
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary