Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Disabling IPS for PENTEST

From: savvy95 () gmail com
Date: Mon, 6 Aug 2012 14:53:40 GMT
Khushal is right. If they are testing only your website, give them access (whitehat). Many exploits happen from inside 
organization as well. 

You might consider giving them VPN access (IP and User credential limited) to a specific VLAN that only has access to 
the Website server(s), because, this will be a happening regularly. 

If they are testing your website as external hackers(blackbox), then I would suggest not to give them access. 

It's really the Business manager who decides though. 

Remember, even if vulnerabilities are discovered, then you can go to the developers with something in hand showing what 
needs to be fixed. 

Good Luck

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: