Will Arachni really exploit the threat of my production environment?


Machi

15 Feb, 2016 04:58 AM

Hi,
I would like to know: while Arachni is doing a vulnerability scan, will it exploit the threat of my production environment and make my website much more "unsafe", or will something be lost?

Thanks!

  1. Support Staff 1 Posted by Tasos Laskos on 15 Feb, 2016 05:37 AM


    Hello,

    It's generally not a good idea to scan a production server.
    Scanning a webapp could lead to high server stress, even an accidental DoS, or loss of data just by interacting with the web app via the exposed functionality.
    If there's a button that deletes data from the DB, that functionality will be triggered; if that functionality is flawed or vulnerable in some way, that may result in more data being deleted.

    It generally depends on the web application, which is why you should either take care to configure the scanner appropriately in order to exclude dangerous functionality or, better yet, not scan a production env.

    Cheers

  2. Tasos Laskos closed this discussion on 15 Feb, 2016 06:40 AM.
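
One way to check an exclusion list before a scan, as an added example that is not part of the original thread or Arachni's own code. The endpoint inventory, the keyword heuristic and the patterns are constructed assumptions; the patterns stand in for the regexes you would pass to Arachni's `--scope-exclude-pattern` option.

```ruby
require 'uri'

# Constructed inventory of a hypothetical app, e.g. gathered from a staging copy.
ENDPOINTS = [
  { method: 'GET',  url: 'https://staging.example.test/products?page=2' },
  { method: 'POST', url: 'https://staging.example.test/account/delete' },
  { method: 'GET',  url: 'https://staging.example.test/admin/purge-cache' },
  { method: 'POST', url: 'https://staging.example.test/contact' },
  { method: 'GET',  url: 'https://staging.example.test/logout' },
  { method: 'POST', url: 'https://staging.example.test/orders/42/cancel' }
].freeze

# Assumed exclusion regexes: the same ones you intend to give the scanner.
EXCLUDE_PATTERNS = [%r{/account/delete}, /logout/, %r{/admin/}].freeze

# Heuristic only: path words that usually mean data or session loss.
RISKY_WORDS = /delete|remove|purge|cancel|reset|logout|drop/i
STATE_CHANGING = %w[POST PUT PATCH DELETE].freeze

def excluded?(url, patterns)
  patterns.any? { |p| p.match?(url) }
end

# :destructive    path names a destructive action
# :state_changing any other non-GET request (sends mail, creates rows, ...)
# :read_only      everything else
def classify(endpoint)
  return :destructive if RISKY_WORDS.match?(URI(endpoint[:url]).path)
  return :state_changing if STATE_CHANGING.include?(endpoint[:method].upcase)
  :read_only
end

# Split the inventory into what the scanner will skip, what it may safely
# touch, and what it would still exercise despite being risky.
def review_scope(endpoints, patterns)
  endpoints.each_with_object({ excluded: [], in_scope: [], unprotected: [] }) do |ep, out|
    kind = classify(ep)
    bucket = if excluded?(ep[:url], patterns) then :excluded
             elsif kind == :read_only then :in_scope
             else :unprotected
             end
    out[bucket] << ep.merge(kind: kind)
  end
end

review_scope(ENDPOINTS, EXCLUDE_PATTERNS)[:unprotected].each do |ep|
  puts "NOT EXCLUDED (#{ep[:kind]}): #{ep[:method]} #{ep[:url]}"
end
```

Anything reported as not excluded needs either another pattern or a deliberate decision to let the scanner submit it.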
