[OWASP-Security101] Scanning Production Services?

Patrick Laverty patrick_laverty at brown.edu
Thu Apr 12 16:56:05 UTC 2012


What do you do with regard to scanning your production web
applications? It seems that at least some scanners can be pretty
destructive to a site and database if they do find vulnerabilities.

So do you only scan your pre-production environment and then make sure
there are no more code changes from the time of the pre-prod scan and
when the code goes live on a production server?

Thanks.

Patrick


More information about the Security101 mailing list