Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?
Thanks.
Is it publicly accessible i.e. from the Internet, or is it purely internal?
If it has any kind of external accessibility it's worth scanning. There might not be anything in terms of sensitive data on it, but it can still get hijacked and used as a proxy by the bad guys or provide a back door into your network.
"Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.
Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?
Thanks.
Firstly, who owns the site? You, the service provider or a third party?
If you don't own the site or the network on which the box resides, you may get done under the Computer Misuse Act unless you get explicit consent from the owner of the site and network.
If your company is the best place to work in, for a mere £500 p/d, you can advertise here.
The site is owned by my company but it and the servers it sits on are bought by my company in a 'managed service' agreement, I'm a test manager by the way.
I do realise that it would have to be with the agreement of the service company and at a quiet time.
Comment