Commander

Production Scan Approach and Risks

Hello, 

We have the WebInspect standalone version that we use to scan our lower environments before a site/code is deployed to production. Now, we would like to scan production sites as carefully as we can.

Besides having a read-only user for authentication, I was wondering if there is any specific approach you follow before scanning anything in production, such as using a specific built-in scanning policy or creating your own? The thing we are concerned about the most is WI injecting data and making changes to underlying code.

Thanks in advance. 

MR.

 

 

0 Likes
Lieutenant Commander

We created a custom policy for scanning our production sites. We started with the Passive Scan policy and added some other checks that we felt were safe to use. Some of the checks added were for TLS issues. We did not add anything related to XSS or SQL Injection and we are not submitting any forms.

This does not provide us with a full assessment, but does give us some insight into the risk level of these sites.
0 Likes
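
One way to confirm from the web server side that a production scan stayed within the limits described in the reply above (no form submissions, no XSS or SQL Injection checks). This is an added example, not part of the original posts and not WebInspect functionality; the Common Log Format input, the scanner IP and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Methods a passive, read-only scan is expected to use.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Metacharacters a passive crawl has no reason to place in a parameter value;
# seeing them suggests active audit checks were enabled in the policy.
ACTIVE_MARKERS = re.compile(r"[<>'\"();]|--|\.\./")
# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Constructed sample access log; 203.0.113.10 is the assumed scanner host.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.10 - - [12/Mar/2019:10:00:02 +0000] "GET /search?q=shoes HTTP/1.1" 200 2048',
    '203.0.113.10 - - [12/Mar/2019:10:00:03 +0000] "POST /contact HTTP/1.1" 302 0',
    '203.0.113.10 - - [12/Mar/2019:10:00:04 +0000] "GET /search?q=%3Cscan-probe%3E HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2019:10:00:05 +0000] "POST /login HTTP/1.1" 200 512',
]


def audit_scan_traffic(lines, scanner_ip):
    """Return (line_no, reason, detail) for scanner requests that break the
    read-only rules: a state-changing method, or a decoded query value that
    contains markup/quote metacharacters."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m or m["ip"] != scanner_ip:
            continue  # unparsable line or traffic from another client
        if m["method"] not in SAFE_METHODS:
            findings.append((line_no, "state-changing method", m["method"]))
        query = urlsplit(m["target"]).query
        # parse_qsl URL-decodes values, so %3C is checked as "<".
        for name, value in parse_qsl(query, keep_blank_values=True):
            if ACTIVE_MARKERS.search(value):
                findings.append((line_no, "active-check payload in parameter", name))
    return findings


if __name__ == "__main__":
    for finding in audit_scan_traffic(SAMPLE_LOG, "203.0.113.10"):
        print(finding)
```

An empty result for the scanner's address over the scan window is consistent with the passive policy; any finding points at a check or crawl setting to review before the next production run.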
Commander

Thank you for sharing this piece of info with us. Looking forward to other responses and thoughts.  

0 Likes