[OWASP-Security101] Not scanning prod

Patrick Laverty patrick_laverty at brown.edu
Wed Oct 31 16:06:16 UTC 2012


I was asked to scan a web site that we were told is vulnerable. So I'm
copying the site over to my Dev server and each time I manually click
on links, I see it sends my request to production. I went through the
.htaccess file and changed everything to point to my Dev server. It
still goes to prod. I dig in a little further and sure enough, most of
the links in the hundreds of pages are hardcoded to the prod site.

What's the safest way to get around this? Set the /etc/hosts file on
my scanning machine to point to my Dev server? I want to make 100%
sure that my scan never hits the production server.

Suggestions?

Thank you.
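
An added example, not part of the original post: a pre-scan check for the /etc/hosts approach asked about above, listing every hostname hardcoded in the copied pages that the scanning machine's hosts file does not pin to the Dev server. The hostnames, IP addresses and sample pages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Absolute or scheme-relative URLs in href/src/action attributes.
URL_RE = re.compile(r"""(?:href|src|action)\s*=\s*["']((?:https?:)?//[^"'\s>]+)""", re.I)

def parse_hosts(text):
    """Map lowercase hostname -> IP from hosts-file text; the first mapping seen is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def linked_hosts(html):
    """Hostnames the page links to with a full URL (relative links are ignored)."""
    hosts = set()
    for url in URL_RE.findall(html):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def unpinned_hosts(pages, hosts_text, dev_ip):
    """Hosts referenced by the pages that would not resolve to dev_ip on the scanner."""
    table = parse_hosts(hosts_text)
    found = set()
    for html in pages:
        found |= linked_hosts(html)
    # A literal IP in a link bypasses the hosts file, so it must equal dev_ip itself.
    return sorted(h for h in found if h != dev_ip and table.get(h) != dev_ip)

# Constructed sample data (not from the original post).
DEV_IP = "192.0.2.10"
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.0.2.10 www.example.edu  # dev copy\n"
SAMPLE_PAGES = [
    '<a href="http://www.example.edu/about.html">About</a>'
    '<img src="//static.example.edu/logo.png">',
    '<form action="https://www.example.edu/login.php"><a href="/local/page.html">x</a>',
]

if __name__ == "__main__":
    leftover = unpinned_hosts(SAMPLE_PAGES, SAMPLE_HOSTS, DEV_IP)
    print("Not pinned to Dev:", ", ".join(leftover) if leftover else "none")
```

An empty result covers only hosts found in href, src and action attributes; URLs built in JavaScript or CSS are not seen by this check.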

