Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?
Thanks.
Thanks.
-
-
Originally posted by grey_lady View Post
Is it publicly accessible i.e. from the Internet, or is it purely internal?
If it has any kind of external accessibility it's worth scanning. There might not be anything in terms of sensitive data on it, but it can still get hijacked and used as a proxy by the bad guys or provide a back door into your network."Being nice costs nothing and sometimes gets you extra bacon" - Pondlife. -
It's publicly accessible - thanks.Comment
-
Firstly, who owns the site? You, the service provider or a third party?Originally posted by grey_lady View Post
If you don't own the site or the network on which the box resides, you may get done under the Computer Misuse Act unless you get explicit consent from the owner of the site and network.If your company is the best place to work in, for a mere £500 p/d, you can advertise here.Comment
-
The site is owned by my company but it and the servers it sits on are bought by my company in a 'managed service' agreement, I'm a test manager by the way.
I do realise that it would have to be with the agreement of the service company and at a quiet time.Comment
-
-
Whatever you do, before you run anything get permission to do so from all parties concerned in writing.Originally posted by grey_lady View PostBehold the warranty -- the bold print giveth and the fine print taketh away.Comment
Comment