[OWASP-Security101] Scanning Production Services?
patrick_laverty at brown.edu
Thu Apr 12 16:56:05 UTC 2012
What do you do with regard to scanning your production web
applications? It seems that at least some scanners can be pretty
destructive to a site and database if they do find vulnerabilities.
So do you only scan your pre-production environment and then make sure
there are no more code changes from the time of the pre-prod scan and
when the code goes live on a production server?
More information about the Security101