PaulDotCom mailing list archives

Re: Not scanning production


From: Ron Gula <rgula () tenable com>
Date: Wed, 31 Oct 2012 16:25:24 +0000

Hey there, 

What problem are you trying to solve?

If you are required to scan a production system because of something like
PCI, copying it off to the side may be a good place to start to look for
holes, but in the end, you won't be able to use that for submission.

If only you could tell the 100s of botnets and hackers that scan the site
each day that it's a production site ...

Ron Gula


On 10/31/12 12:15 PM, "Patrick Laverty" <patrick_laverty () brown edu> wrote:

Ok, newbie here...

I was asked to scan a web site that we were told is vulnerable. So I'm
copying the site over to my Dev server and each time I manually click
on links, I see it sends my request to production. I went through the
.htaccess file and changed everything to point to my Dev server. It
still goes to prod. I dig in a little further and sure enough, most of
the links in the hundreds of pages are hardcoded to the prod site.

What's the safest way to get around this? Set the /etc/hosts file on
my scanning machine to point to my Dev server? I want to make 100%
sure that my scan never hits the production server.

Suggestions?

Thank you.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
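
A pre-scan guard for the situation described in the question, as an added example that is not part of the original thread: it lists pages in the Dev copy that still hardcode the production hostname and refuses to proceed unless that hostname resolves only to Dev addresses on the scanning machine. The hostname, addresses, page contents and function names are constructed placeholders.

```python
import re
import socket
from typing import Callable, Dict, Iterable, List

# Absolute (http://, https://) and protocol-relative (//) URLs; group 1 is the host.
ABS_URL = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+)", re.I)

# Constructed sample of a mirrored site: path -> page body.
SAMPLE_PAGES = {
    "index.html": '<a href="http://www.example.edu/about">About</a> '
                  '<img src="//www.example.edu/logo.png"> <a href="/local">x</a>',
    "about.html": '<a href="/contact">Contact</a> '
                  '<script src="https://cdn.example.net/lib.js"></script>',
}

def hardcoded_hosts(pages: Dict[str, str], prod_host: str) -> Dict[str, int]:
    """Per page, count links that name prod_host (or a subdomain) explicitly."""
    prod = prod_host.lower().rstrip(".")
    hits: Dict[str, int] = {}
    for path, body in pages.items():
        hosts = [h.lower().rstrip(".") for h in ABS_URL.findall(body)]
        n = sum(1 for h in hosts if h == prod or h.endswith("." + prod))
        if n:
            hits[path] = n
    return hits

def resolve_all(host: str) -> List[str]:
    """Every address the OS resolver on this machine returns for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def safe_to_scan(hosts: Iterable[str], dev_addrs: Iterable[str],
                 resolver: Callable[[str], List[str]] = resolve_all) -> bool:
    """True only if every host resolves and every address is a Dev address."""
    allowed = set(dev_addrs)
    for h in hosts:
        try:
            addrs = resolver(h)
        except OSError:
            return False          # unresolvable: fail closed
        if not addrs or not set(addrs) <= allowed:
            return False          # at least one address is not Dev
    return True

if __name__ == "__main__":
    print(hardcoded_hosts(SAMPLE_PAGES, "www.example.edu"))
    print(safe_to_scan(["www.example.edu"], ["192.0.2.10"]))
```

The check reflects only the OS resolver on the machine where it runs; a scanner that goes through a proxy or does its own DNS lookups will not honor a hosts-file override.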
