miyahira
asked on
Is it needed userid and password for testing vulnerabilities in a website?
We are a company that has many web application developed in ASP.NET. Our Internet Service Provider (Telefonica) wants to test our web sites looking for vulnerabilities. For that, they are asking us to provide them userid and password (read-only access) for each web site.
It's the first time that I heard that for testing vulnerabilities in websites you need to inform userid and password to an IPS. Is it not supposed that for testing vulnerabilities you should try to break or hack websites without knowing that precious info?
Or maybe that is difference between Vulnerability Testing and Penetration Testing?
It's the first time that I heard that for testing vulnerabilities in websites you need to inform userid and password to an IPS. Is it not supposed that for testing vulnerabilities you should try to break or hack websites without knowing that precious info?
Or maybe that is difference between Vulnerability Testing and Penetration Testing?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
https://community.qualys.com/thread/11562
Any experience with that kind of scans?