[OWASP-Security101] Scanning Production Services?

Patrick Laverty patrick_laverty at brown.edu
Fri Apr 13 12:54:18 UTC 2012


By "destructive" I mean that if there is a SQLi vulnerability that
gets exploited, the database gets filled with garbage data which then
also makes the site garbage.

I work in an environment with hundreds of sites, so to just point and
shoot at our entire environment would be pretty hard to really scan.

Thanks.


On Fri, Apr 13, 2012 at 8:12 AM, us1903 <sharu89 at gmail.com> wrote:
> Hi Patrick,
>
> When you say scanners are destructive to a site, do you mean the
> performance issue when the scans are running? As for the destruction it can
> cause in the database, you can scan the application in the production
> environment by making a blacklist. This blacklist will contain all the
> URLs/requests that can modify content in the database. Exclude all such
> requests from the scanner for the production environment. Although, making
> the blacklist is time-consuming and you will have to hand-pick the
> URLs/requests.
>
> Yes, of course the blacklisted URLs/requests will have to
> be assessed manually or by other approaches that are safe.
>
> --
> Sharath Unni
>
> On Fri, Apr 13, 2012 at 5:30 PM, <security101-request at lists.owasp.org>wrote:
>
>> Send Security101 mailing list submissions to
>>        security101 at lists.owasp.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>        https://lists.owasp.org/mailman/listinfo/security101
>> or, via email, send a message with subject or body 'help' to
>>        security101-request at lists.owasp.org
>>
>> You can reach the person managing the list at
>>        security101-owner at lists.owasp.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Security101 digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Scanning Production Services? (Patrick Laverty)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Thu, 12 Apr 2012 12:56:05 -0400
>> From: Patrick Laverty <patrick_laverty at brown.edu>
>> To: security101 at lists.owasp.org
>> Subject: [OWASP-Security101] Scanning Production Services?
>> Message-ID:
>>        <CAHZK5Obq=xAbqc9TOTp+THeCRECEaFTktbCxNjyQm2AsP4Ti_w at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> What do you do with regard to scanning your production web
>> applications? It seems that at least some scanners can be pretty
>> destructive to a site and database if they do find vulnerabilities.
>>
>> So do you only scan your pre-production environment and then make sure
>> there are no more code changes from the time of the pre-prod scan and
>> when the code goes live on a production server?
>>
>> Thanks.
>>
>> Patrick
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> Security101 mailing list
>> Security101 at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/security101
>>
>>
>> End of Security101 Digest, Vol 3, Issue 8
>> *****************************************
>>
>
>
>
> --
> Sharath
>
> Disclaimer: "This email may feature some ideas that might be a little evil
> or at least require some flexible ethics. Some things will be downright
> horrible, and you should not do them, but are either for your information
> or simply for the point of interest. Your judgment and actions are your
> own, so think before you do anything you read and only use your dark side
> for good."
> ______________________________________________________________________________________________________________________________
>
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org
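The blacklist approach described in the reply above, as an added example that is not part of any post in this thread: the script takes a crawl listing of requests (a constructed sample in "METHOD path" form), flags every request that can modify the database by HTTP method or by a hand-picked path pattern, and splits the set into requests a scanner may replay against production and requests that must be assessed by hand. The path patterns, the sample crawl and the exclusion-regex output format are assumptions; a real deny-list is built by reviewing the application's own routes, and GET endpoints that change state are exactly the ones the pattern list exists to catch.

```python
"""Build a scanner exclusion list for a production web application.

Added example for this thread (not from the original posts). Sample
request lines and deny-list patterns are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Methods that, by HTTP semantics, are expected to change server state.
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Hand-picked path patterns that modify content even over GET (assumed
# examples; a real list comes from reviewing the application's routes).
DENY_PATTERNS = [
    re.compile(r"^/admin/"),
    re.compile(r"/(create|update|delete|remove|publish)\b"),
    re.compile(r"[?&]action=(add|edit|del)\b"),
]


@dataclass(frozen=True)
class Request:
    method: str
    path: str


def is_state_changing(req: Request) -> bool:
    """True if the request must be kept away from an automated scanner."""
    if req.method.upper() in STATE_CHANGING_METHODS:
        return True
    return any(p.search(req.path) for p in DENY_PATTERNS)


def parse_request_line(line: str) -> Optional[Request]:
    """Parse one 'METHOD /path' line; blanks and '#' comments yield None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    method, _, path = line.partition(" ")
    path = path.strip()
    if not path.startswith("/"):
        raise ValueError(f"malformed request line: {line!r}")
    return Request(method.upper(), path)


def split_scope(lines) -> Tuple[List[Request], List[Request]]:
    """Return (scannable, manual): requests safe to replay, and those
    that must be excluded from the scanner and assessed by hand."""
    scannable, manual = [], []
    for line in lines:
        req = parse_request_line(line)
        if req is None:
            continue
        (manual if is_state_changing(req) else scannable).append(req)
    return scannable, manual


def scanner_exclusion_regex(manual: List[Request]) -> str:
    """Join excluded paths into one alternation, the form many scanners
    accept as an 'exclude URL' regex; query strings are escaped."""
    return "|".join(sorted({re.escape(r.path) for r in manual}))


# Constructed crawl output, not from a real site.
SAMPLE_CRAWL = """
# method path
GET /
GET /news/2012/04/
GET /search?q=owasp
POST /contact
GET /admin/users
GET /comments/delete?id=42
GET /index.php?action=edit&id=7
PUT /api/profile
GET /about
"""

if __name__ == "__main__":
    ok, manual = split_scope(SAMPLE_CRAWL.splitlines())
    print("scannable:")
    for r in ok:
        print(f"  {r.method} {r.path}")
    print("assess manually (excluded from scanner):")
    for r in manual:
        print(f"  {r.method} {r.path}")
    print("exclusion regex:", scanner_exclusion_regex(manual))
```

The method rule alone is not enough: the two GET entries that land in the manual bucket are the kind of request a blacklist built only from HTTP verbs would miss, which is why the reply stresses that the list has to be hand-picked.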

