[OWASP-Security101] Not scanning prod

Jim Manico jim.manico at owasp.org
Wed Oct 31 21:38:43 UTC 2012


Rebuild the site to have "relative" links. A dev site that links to
production is not a dev site. Seriously, escalate this problem up the
chain. It's a serious problem.

Aloha,

--
Jim Manico
(808) 652-3805

On Oct 31, 2012, at 12:08 PM, Patrick Laverty <patrick_laverty at brown.edu> wrote:

> I was asked to scan a web site that we were told is vulnerable. So I'm
> copying the site over to my Dev server and each time I manually click
> on links, I see it sends my request to production. I went through the
> .htaccess file and changed everything to point to my Dev server. It
> still goes to prod. I dig in a little further and sure enough, most of
> the links in the hundreds of pages are hardcoded to the prod site.
>
> What's the safest way to get around this? Set the /etc/hosts file on
> my scanning machine to point to my Dev server? I want to make 100%
> sure that my scan never hits the production server.
>
> Suggestions?
>
> Thank you.
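
One way to act on the advice above before scanning the dev copy, as an added example that is not part of the original thread: rewrite links hardcoded to the production host into root-relative links and list whatever still mentions that host for manual review. The hostname www.example.edu, the sample markup and the function names are assumptions made for illustration.

```python
import re

PROD_HOST = "www.example.edu"  # assumed placeholder for the production hostname


def _attr_pattern(host):
    # href/src/action values starting with http://host, https://host or //host.
    # The lookahead requires the hostname to end there, so a longer name such
    # as www.example.edu.partner.test is not treated as the production host.
    return re.compile(
        r"""(?P<pre>\b(?:href|src|action)\s*=\s*["'])"""
        r"""(?:https?:)?//""" + re.escape(host) + r"""(?::\d+)?"""
        r"""(?=[/?#"'])(?P<path>[^"']*)""",
        re.IGNORECASE,
    )


def rewrite_links(html, host=PROD_HOST):
    """Return (rewritten_html, count); prod-absolute links become root-relative."""
    def to_relative(match):
        path = match.group("path")
        if not path.startswith("/"):
            path = "/" + path  # bare host, ?query or #fragment
        return match.group("pre") + path
    return _attr_pattern(host).subn(to_relative, html)


def remaining_refs(text, host=PROD_HOST):
    """Line numbers still mentioning the host (script strings, CSS, redirects).

    Deliberately a plain substring match: a false positive costs a manual
    look, a miss could send scanner traffic to production.
    """
    needle = host.lower()
    return [n for n, line in enumerate(text.splitlines(), 1)
            if needle in line.lower()]


# Constructed sample page, not taken from any real site.
SAMPLE = '''<a href="http://www.example.edu/about.html">About</a>
<img src="//www.example.edu/img/logo.png">
<form action="https://www.example.edu:443/login.php" method="post">
<a href="http://www.example.edu.partner.test/x">Partner</a>
<script>var api = "http://www.example.edu/api";</script>
'''

if __name__ == "__main__":
    fixed, count = rewrite_links(SAMPLE)
    print(f"rewrote {count} link(s); review lines {remaining_refs(fixed)}")
    print(fixed)
```

A scan should start only once remaining_refs returns an empty list for every file in the copied tree, or each remaining line has been reviewed by hand.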

