Today I killed a production website by pointing a webapp vulnerability scanner at it. The unexpected stress brought the appserver to its knees while revealing some holes. Luckily my more tactical colleagues came to the rescue and had the website back up in minutes -- after I had killed the scan -- but this opened two cans of worms.
The first is an obvious need to design and implement 1) stress/load testing and 2) vulnerability/penetration testing as part of regular operations. Both are usually done ad hoc; both need to be part of the release certification process.
On another note, I was using the awesome open source tool called w3af. :)