[OTish] Security Posture Review

Juan Aguilar

Feb 24, 2015, 4:16:30 PM
to lu...@googlegroups.com
As part of a periodic security review, I figured I'd poll fellow Lucee users on their practices when it comes to things like penetration testing, periodic scanning, automated code review, intrusion detection, and load testing, especially in the context of smaller companies where the lines between system administrators and system developers are necessarily blurred. Are there any products or practices that you are using which you would like to share with the community?

I feel that our mishmash of tools, while workable (OpenVAS, Ossec, loader.io, Trustwave, FuseGuard, FusionReactor) could always be improved, and while I know there are NetSec forums, I was interested in the practices of companies using tools similar to our own.

Thanks!

mike...@gmail.com

Mar 5, 2015, 5:57:03 PM
to lu...@googlegroups.com
This is a really interesting scanner I have been playing with...
It is Eclipse RCP based, and allows you to write new scan tests in JS.

Also, ModSecurity is an invaluable tool, though incredibly underused, misused and often unappreciated for its power, much like the Regular Expression language that makes it so powerful.

Would love to talk more with other security-minded nerds on this stuff as I have dug deep in this area the past couple years and very much enjoy it.

Mike.