
Preparing to scan production applications

Complete the following preliminary steps before scanning resources:

  1. The IP address of the scanner must be added to the whitelist on WAFs and other security tools that can block traffic.
  2. It is recommended to get permission from the resource owner to scan in the selected time interval, because:
    • Scanning creates additional load on the application, which may exceed the design load. The load can be adjusted with the RPS (requests per second) parameter.
    • Scanning can cause many errors in the application's monitoring system, which may lead to a violation of the operations service's internal SLA.
    • The scan may send requests to API endpoints of the scanned application that trigger unwanted external side effects, such as sending emails or SMS messages or sending requests to related systems. Such API requests can be identified in advance with the resource owner and added to the list of URL restrictions.
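
A pre-scan check for step 2, as an added example that is not part of the scanner or of the original page: it applies the agreed URL restrictions to a list of endpoints and estimates whether the run fits the approved interval at a given RPS. The endpoint list, the restriction format (method plus path glob), the `requests_per_endpoint` estimate and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatchcase
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed sample data: endpoints found for the target and the URL
# restrictions agreed with the resource owner as (method or "*", path glob).
ENDPOINTS = [
    ("GET", "https://app.example.com/api/v1/users"),
    ("POST", "https://app.example.com/api/v1/notify/email"),
    ("POST", "https://app.example.com/api/v1/notify/%73ms"),
    ("POST", "https://app.example.com/api/v1/users/../orders/export"),
    ("GET", "https://app.example.com/api/v1/orders/export"),
]
RESTRICTIONS = [("*", "/api/v1/notify/*"), ("POST", "/api/v1/orders/export")]

@dataclass
class ScanPlan:
    allowed: list
    excluded: list
    duration: timedelta
    fits_window: bool

def canonical_path(url):
    # Decode percent-escapes and collapse dot segments so an encoded or
    # relative spelling of a restricted path is still matched.
    return normpath(unquote(urlsplit(url).path) or "/")

def build_plan(endpoints, restrictions, rps, requests_per_endpoint, start, end):
    if rps <= 0:
        raise ValueError("rps must be positive")
    allowed, excluded = [], []
    for method, url in endpoints:
        path = canonical_path(url)
        blocked = any(m in ("*", method.upper()) and fnmatchcase(path, glob)
                      for m, glob in restrictions)
        (excluded if blocked else allowed).append((method, url))
    # Estimated run time at the configured request rate.
    duration = timedelta(seconds=len(allowed) * requests_per_endpoint / rps)
    return ScanPlan(allowed, excluded, duration, start + duration <= end)

if __name__ == "__main__":
    window = (datetime(2024, 1, 1, 1, 0), datetime(2024, 1, 1, 1, 30))
    plan = build_plan(ENDPOINTS, RESTRICTIONS, 5, 1500, *window)
    print("excluded:", plan.excluded)
    print("estimated duration:", plan.duration, "fits window:", plan.fits_window)
```

Matching on the canonical path matters because a restriction written as `/api/v1/notify/*` would otherwise miss the percent-encoded and dot-segment variants in the sample list.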