18F / concourse-compliance-testing

Concourse CI assets for Compliance Toolkit
https://compliance-viewer.18f.gov/

Added new project for periodic owasp scans for staging.login.gov #132

Closed mzia closed 7 years ago

mzia commented 7 years ago

We want to periodically scan https://staging.login.gov, but it has basic auth enabled. To bypass basic auth, the OWASP ZAP server's public IP will have to be whitelisted within login.gov's staging environment.

CC: @jgrevich @mogul

afeld commented 7 years ago

> OWASP server public IP

Hmm. @18F/cloud-gov-ops Any chance there's a fixed IP range for the Concourse workers?

mzia commented 7 years ago

@afeld, basic auth has been removed. Please see if OWASP ZAP can hit the above URL. Also, should we include the production URL as well (secure.login.gov)?

afeld commented 7 years ago

> should we include the production URL as well (secure.login.gov)?

If staging is production-like, there's no need.

afeld commented 7 years ago

Enabled!