An article from Dark Reading in there Security section: When it comes to detecting vulnerabilities in mission-critical applications, security professionals often find themselves in a bind. These are usually the applications that the enterprise can least afford to suffer a hack. But at the same time, they are also the applications whose owners are most likely to balk at security testing or scanning probes while they’re live. These opponents to vulnerability scans on production applications point to the near-infinitesimal tolerance for downtime or disruption as reason enough to leave well enough alone. But according to security professionals, someone will eventually find those vulnerabilities and if the organization doesn’t do it first odds are it is the bad guys who will ferret out the flaws.
“Scanning production applications is a challenging proposition, as availability and data integrity are paramount for organizations,” says Wolfgang Kandek, CTO of Qualys. “However, security has become as important as availability, and anyway, attackers are doing their own scanning to map out the assets of the organizations, whether we like it or not.”
To read more click here: