Let's say I have a web server exposed on the Internet that deals with confidential data and has high requirements in terms of integrity and availability.

What are the risks of performing a penetration test in a production environment, and what precautions should I take into consideration in technical and organisational terms?

DarkSkull
  • It sounds like you already know the risks. The precautions are pretty straightforward: don't test your live site. – schroeder May 10 '22 at 14:58
  • If I knew the risks, I wouldn't have asked the question. Suppose that I must test in a production environment. – DarkSkull May 10 '22 at 15:16
  • The risks are just as you said: breach of data confidentiality, data integrity and system availability. A pentester might find a weakness and gain access to confidential data, or to rewrite data, or bring down the system. – schroeder May 10 '22 at 15:54
  • Potential duplicate: https://security.stackexchange.com/questions/241010/how-can-we-safely-allow-a-client-to-perform-penetration-testing – schroeder May 10 '22 at 15:59

0 Answers