Will Arachni really exploits the threat of my production environment?
Hi,
I would like to know while Arachni doing vulnerability scan. Will
it exploits the threat of my production environment? and make my
website much more "unsafe" or something will be loss?
Thanks!
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 15 Feb, 2016 05:37 AM
Hello,
It's generally not a good idea to scan a production server.
Scanning a webapp could lead to high server stress, even an accidental DoS, or loss of data just by interacting with the web app via the exposed functionality.
If there's a button that deletes data from the DB that functionality will be triggered, if that functionality is flawed or vulnerable in some way that may result in more data being deleted.
It generally depends on the web application, which is why you should either take care to configure the scanner appropriately in order to exclude dangerous functionality or better yet not scan a production env.
Cheers
Tasos Laskos closed this discussion on 15 Feb, 2016 06:40 AM.