We deal with a lot of sites that require vulnerability scanning, but those
are all mostly related to web based applications (including the Omnis JS
client) as they are concerned about PCI etc. Even the “fixes/patches” that
need to happen have nothing to do with our application.
All the scanning itself is done by other 3rd parties (such as
www.sikichlabs.com/). I only mention them as I know some of our
customers use them. I have never used them personally.
We simply tell our corporate clients that the connection is secure between
the client and database (if they choose to use SSL certs), any other
vulnerabilities would be related to the clients own network and they would
need to subscribe to such services. We have never failed a scan when using
secure certificates when communicating to the database.
On Thu, Dec 14, 2017 at 2:35 PM, Jock Philip <firstname.lastname@example.org> wrote:
> Anybody doing vulnerability testing in a client server environment?
> Have a customer that is requiring evidence of vulnerability testing on our
> software whenever we do updates. Oracle database, Studio 188.8.131.52,
> customer’s own network and their own server. Any examples, suggestions,
> tools or anything else of any help?
> Jock Philip [email@example.com
> Vision Chips, Inc.
> 888.517.7779 x 3563
> Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving
> Manage your list subscriptions at lists.omnis-dev.com
Manage your list subscriptions at lists.omnis-dev.com