re: If you were tasked to conduct a security audit on a server/database-backed web app, where would you start? VIEW POST

FULL DISCUSSION
 

I always start with an inventory, then check patch levels of everything. Then verify backups and logging.

code of conduct - report abuse