<div style="white-space:pre-wrap">Everyone,<br><br>If you're doing pen testing involving vulnerability scanning, SQL injection, malicious code injection then setup an environment that replicates as closely to production as possible.<br><br>There's a suite of deployment tools and methodologies out there that allow you to get these as close as possible. (Docker, kubernetes, rancher, CI/CD processes. Etc )<br><br>Once you're at least semi confident tables and other data won't drop and that your backups are solid and working then you can test on production.<br><br>There's zero excuses to not have a staging or production replica you could test on without affecting actual production.<br><br>Take queue from companies like Netflix, Shopify and google who have tools like OSS toxiproxy and OSS chaos monkey who regularly destroy things in production with the purpose that production should never go down.<br>(Like Netflix who regularly replicates whole availability zone outages at random using OSS chaos gorilla)<br><br><br>But seriously, get everyone in the company aware of your pen testing.....</div><br class="gmail_msg"><br class="gmail_msg">--karl. <br class="gmail_msg"><div class="gmail_quote gmail_msg"><div dir="ltr" class="gmail_msg">On Thu., 1 Dec. 2016 at 9:59 am, Robert Hudson <<a href="mailto:hudrob@gmail.com" class="gmail_msg" target="_blank">hudrob@gmail.com</a>> wrote:<br class="gmail_msg"></div><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg">For anyone doubting that you need to seek official approval before starting to test things...</div><div class="gmail_msg"><br class="gmail_msg"></div><a href="https://en.wikipedia.org/wiki/Randal_L._Schwartz#Intel_case" class="gmail_msg" target="_blank">https://en.wikipedia.org/wiki/Randal_L._Schwartz#Intel_case</a></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On 1 December 2016 at 09:52, Bob Purdon <span dir="ltr" class="gmail_msg"><<a href="mailto:bobp@purdon.id.au" class="gmail_msg" target="_blank">bobp@purdon.id.au</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-AU" link="blue" vlink="purple" class="gmail_msg"><div class="m_4546372612145070835m_-5143005248488776051m_-7918244599301168407WordSection1 gmail_msg"><p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="gmail_msg"><u class="gmail_msg"></u> <u class="gmail_msg"></u></span></p><div class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg"><p class="m_4546372612145070835m_-5143005248488776051m_-7918244599301168407MsoListParagraph gmail_msg" style="margin-bottom:12.0pt"><u class="gmail_msg"></u><span style="font-size:11.0pt;font-family:Wingdings" class="gmail_msg"><span class="gmail_msg">Ø<span style="font:7.0pt "Times New Roman"" class="gmail_msg"> </span></span></span><u class="gmail_msg"></u>Be aware that running penetration tools just to see what happens can lead to spectacular outages and questions of who authorised this.<u class="gmail_msg"></u><u class="gmail_msg"></u></p></div></div></div><div class="gmail_msg"><p class="MsoNormal gmail_msg">Absolutely – I have seen something as simple as an nmap port scan tickle a latent bug and cause widespread service interruptions.<u class="gmail_msg"></u><u class="gmail_msg"></u></p></div></div></div><br class="gmail_msg">_______________________________________________<br class="gmail_msg">
AusNOG mailing list<br class="gmail_msg">
<a href="mailto:AusNOG@lists.ausnog.net" class="gmail_msg" target="_blank">AusNOG@lists.ausnog.net</a><br class="gmail_msg">
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br class="gmail_msg">
<br class="gmail_msg"></blockquote></div><br class="gmail_msg"></div>
_______________________________________________<br class="gmail_msg">
AusNOG mailing list<br class="gmail_msg">
<a href="mailto:AusNOG@lists.ausnog.net" class="gmail_msg" target="_blank">AusNOG@lists.ausnog.net</a><br class="gmail_msg">
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br class="gmail_msg">
</blockquote></div>