Re: Disabling IPS for PENTEST

[khushal201301 () gmail com]

Hi Kid,

If it is black box security testing, then that corporate should not be allowed. If it is White box means then you can. 
-----Original Message-----
From: Kid Tangerine <kidtangerine () gmail com>
Sender: listbounce () securityfocus com
Date: Mon, 6 Aug 2012 08:57:24 
To: <security-basics () securityfocus com>
Subject: Disabling IPS for PENTEST

All,

Corporate has requested we get a PENTEST for our Internet facing
website from a third party, but the third party asked us to allow
their ip address to be excluded from our IPS.

Is that a common practice to basically turn off our protection and
allow them in?

Obviously we aren't developers, so If the code has sql injections,
cross site scripting, etc vulnerabilities we cannot fix it within the
corporate guidelines, and our only leverage from the IT infrastructure
side is to include the needed filters in the IPS to prevent their
crappy code from being exploited. It we turn off the IPS I am sure all
kinds of things will show up.

Any experience appreciated.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------