
The main purpose of scanning an application once it is live is to confirm that the code, the operating environment, and the configuration and security controls put in place to protect it are working as intended and providing the required level of confidentiality, integrity, and availability. However, scanning in production can be fraught with problems, and because of this it is often neglected, sometimes slipping off the to-do list completely.
Scans can and will disrupt normal operations unless proper precautions are taken. The main risks are:
- Failure, disruption or reduced performance of the application or connected systems
- Data loss or modification
- Disclosure of data to unauthorized parties
- Test data affecting reports and statistics
- Initiation of irreversible real-world processes
- Triggering of automated responses, countermeasures, and incident handling processes - though testing these may be an objective of the scan
- Reduced awareness of a real incident during the scan
- Violation of legal obligations
This e-book explores how most of these risks can be avoided with careful planning and by focusing your scans on discovering where and how a system is vulnerable to attack, rather than on simulating an actual attack. Continue reading to learn more about scanning production applications.
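The following is an added example, not code from the e-book or its authors: a small request-policy filter in Python that enforces the kind of precautions the risks above call for before a scanner sends each request. It refuses endpoints with irreversible side effects, allows only non-modifying HTTP methods unless explicitly overridden, throttles the request rate, and tags every outgoing request so scan traffic can be separated from real user activity in reports and by monitoring. The endpoint patterns, the `X-Scan-Run-Id` header name, the rate limit and the sample requests are assumptions constructed for illustration.

```python
"""Scan safety policy: decide which requests a production scan may send.

Added example, not from the e-book. The rule set, paths, header name and
sample requests are assumptions for illustration; adapt them to the
application under test.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Methods defined as safe (non-modifying) in RFC 9110.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Assumed endpoints whose side effects cannot be undone (risks: irreversible
# real-world processes, data loss). Applied to every method, because some
# applications trigger actions on GET as well. Regexes matched on the path.
IRREVERSIBLE_PATHS = [
    r"^/api/orders/[^/]+/ship$",
    r"^/api/payments",
    r"^/admin/users/[^/]+/delete$",
    r"^/api/email/send",
]

# Assumed header that lets the SOC and the reporting pipeline recognise scan
# traffic (risks: test data polluting statistics; a real incident masked by
# the scan; automated countermeasures firing on the scanner).
SCAN_HEADER = "X-Scan-Run-Id"


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str
    request: Optional[Request] = None   # tagged copy of the request to send
    wait: float = 0.0                   # seconds to sleep before sending


class ScanPolicy:
    def __init__(self, run_id: str, max_rps: float = 5.0,
                 allow_unsafe_methods: bool = False):
        self.run_id = run_id
        self.min_interval = 1.0 / max_rps
        self.allow_unsafe_methods = allow_unsafe_methods
        self._patterns = [re.compile(p) for p in IRREVERSIBLE_PATHS]
        self._next_slot = float("-inf")  # earliest time the next request may go

    def evaluate(self, req: Request, now: float) -> Decision:
        """Return whether req may be sent, and the tagged request if so.

        `now` is a monotonic timestamp supplied by the caller so the policy
        is deterministic and testable.
        """
        path = req.path.split("?", 1)[0]
        # 1. Never touch endpoints with irreversible side effects.
        for pat in self._patterns:
            if pat.search(path):
                return Decision(False, f"irreversible process: path matches {pat.pattern!r}")
        # 2. Only safe methods by default; modifying methods need explicit opt-in.
        if req.method.upper() not in SAFE_METHODS and not self.allow_unsafe_methods:
            return Decision(False, f"unsafe method {req.method.upper()} disabled for this scan")
        # 3. Throttle to protect availability of the app and connected systems.
        wait = max(0.0, self._next_slot - now)
        self._next_slot = now + wait + self.min_interval
        # 4. Tag the request so scan traffic is identifiable downstream.
        tagged = Request(req.method.upper(), req.path,
                         {**req.headers, SCAN_HEADER: self.run_id})
        return Decision(True, "ok", tagged, wait)


def plan(policy: ScanPolicy, candidates, start: float = 0.0):
    """Run candidate requests through the policy; return (path, allowed, reason)."""
    results = []
    now = start
    for req in candidates:
        d = policy.evaluate(req, now)
        results.append((req.path, d.allowed, d.reason))
        now += d.wait  # a real scanner would time.sleep(d.wait) here
    return results


if __name__ == "__main__":
    # Constructed sample of what a crawler might queue against a production app.
    sample = [
        Request("GET", "/api/products?page=1"),
        Request("GET", "/api/products?page=2"),
        Request("POST", "/api/orders/42/ship"),
        Request("DELETE", "/api/products/7"),
        Request("GET", "/api/payments/history"),
    ]
    for path, ok, why in plan(ScanPolicy("run-2024-01"), sample):
        print(f"{'SEND ' if ok else 'SKIP '} {path}: {why}")
```

In use, the scanner calls `evaluate` for every request it generates, sleeps for `wait`, and sends `decision.request`; the run id in the header gives the SOC a value to allow-list or to exclude from dashboards, and the `allow_unsafe_methods` switch should only be turned on against a test account or data set that can be discarded afterwards.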