Will the scanner negatively impact my website?

DAST performs attacks against your website, mimicking the actions of a hacker, so a Full Scan puts load on your system. To control this load, use the throttling option in the target configuration.

The attacks performed are non-harmful: DAST will not delete any data or issue any DROP TABLE commands, so you can run scans on all of your systems.

Note: DAST advises running Full Scans on a dedicated staging or test system. However, you can also run them on production. A Quick Scan only scans your infrastructure (SSL/TLS configuration, fingerprinting, ports, and HTTP headers), and you should run it on your production or live systems.