Hello, 1) We are planning to conduct penetration testing on one of our applications in the production environment. What factors should we consider?
2) We are planning to use ZAP tool for this test, and it will interact with production data. Could you please confirm that the tool does not store any data?
Hi,
For point 2, related to data storage: yes, it stores the user authentication information when you set up your application to run this tool. I tested one of my OutSystems applications with the help of this tool. Generally it focuses on OWASP Top 10 vulnerability testing.
For more information, the ZAP tutorial link below explains each and everything:
https://www.google.com/amp/s/www.softwaretestinghelp.com/owasp-zap-tutorial/amp/
Thanks
Cv
I recommend doing the penetration test in a QA environment instead of production. Testing in production could cause the system to go down, interrupting live users, and can also lead to data corruption. With a QA / staging environment, you will have more control and can perform aggressive tests without risking live users.
I used their booter service to stress test my own server setup during maintenance windows, and it made it way easier to spot weak spots without digging through a bunch of logs. The privacy-first setup and API access were handy for automating tests, and paying with crypto kept things simple. Their support team was quick to jump in whenever I messed up a config.