Khushal is right. If they are testing only your website, give them access (whitehat). Many exploits happen from inside organization as well.
You might consider giving them VPN access (IP and User credential limited) to a specific VLAN that only has access to the Website server(s), because, this will be a happening regularly.
If they are testing your website as external hackers(blackbox), then I would suggest not to give them access.
It's really the Business manager who decides though.
Remember, even if vulnerabilities are discovered, then you can go to the developers with something in hand showing what needs to be fixed.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
You might consider giving them VPN access (IP and User credential limited) to a specific VLAN that only has access to the Website server(s), because, this will be a happening regularly.
If they are testing your website as external hackers(blackbox), then I would suggest not to give them access.
It's really the Business manager who decides though.
Remember, even if vulnerabilities are discovered, then you can go to the developers with something in hand showing what needs to be fixed.
Good Luck
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]