As part of a periodic security review, I figured I'd poll fellow Lucee users on their practices when it comes to things like penetration testing, periodic scanning, automated code review, intrusion detection, and load testing, especially in the context of smaller companies where the lines between system administrators and system developers are necessarily blurred. Are there any products or practices that you are using which you would like to share with the community?
I feel that our mishmash of tools, while workable (OpenVAS, OSSEC, Trustwave, FuseGuard, FusionReactor) could always be improved, and while I know there are NetSec forums, I was interested in the practices of companies using tools similar to our own.