⚠️ Authenticated web application scanning. If you're thinking of adding authentication for an admin user, please read this article first: Adding an admin user when adding Authentications
If you're worried about our scanning bringing a system offline or causing heavy traffic to a production system, rest assured that Intruder's scanning engines are configured to be safe to use – even when scanning production systems.
What about DoS?
When it comes to denial of service (DoS) vulnerabilities, we test for them but do not exploit them, so there is no need to worry about your systems being taken offline.
What about Authenticated web-app scanning?
Before we jump straight in, it's worth understanding exactly what happens when you kick off an authenticated scan:
Our scanner crawls all pages within your application
Identifies different points where data can be sent to your application
Sends data (and crafted requests) to the application
Checks the responses to see whether any request succeeded in exploiting something, or whether a vulnerability exists
Since the scanner will attempt to send different types of data to pages behind the login page, it's worth considering what kind of functionality the scanner will be able to interact with and what processes might be triggered. For example:
Creating an entry in our IT help desk ticketing system
Sending Slack/Teams messages
Sending requests to third-party organisations
If you choose to scan an application with this sort of functionality, you may see an increase in submissions, because the scanner sends many requests to those forms in a short timeframe.
For this reason, we always err on the side of caution and recommend scanning test environments, or environments connected to a test harness. If you still want to add admin credentials (which we don't recommend), please read this first.
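To make the "test harness" recommendation concrete, here is an added example (not Intruder's code, and not part of this article) of one way to wire an application's side effects so that an authenticated scan of a test environment records what would have been triggered instead of delivering it. Everything in it is constructed: the `TEST_HARNESS` environment variable, the `helpdesk` and `#support` targets, and the `LiveSink` placeholder for real API calls are all assumptions.

```python
"""Constructed example: route outbound side effects (help desk tickets, chat
notifications) through a swappable "integration sink", so a scanner hitting
forms behind the login in a test environment fills a capture log rather than
a real ticket queue or chat channel."""
import os
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Optional, Protocol


@dataclass
class SideEffect:
    """One outbound action that a form submission would trigger."""
    kind: str       # constructed categories: "helpdesk_ticket", "chat_message"
    target: str     # hypothetical destination name
    payload: str


class IntegrationSink(Protocol):
    def send(self, effect: SideEffect) -> None: ...


@dataclass
class CapturingSink:
    """Test-harness sink: records each side effect instead of delivering it."""
    captured: List[SideEffect] = field(default_factory=list)

    def send(self, effect: SideEffect) -> None:
        self.captured.append(effect)


@dataclass
class LiveSink:
    """Production sink. The real delivery is a placeholder here (assumption)."""
    delivered: List[SideEffect] = field(default_factory=list)

    def send(self, effect: SideEffect) -> None:
        # Placeholder: a real deployment would call the help desk / chat API.
        self.delivered.append(effect)


def select_sink(env: Optional[Mapping[str, str]] = None) -> IntegrationSink:
    """Choose the sink from the environment; TEST_HARNESS is a hypothetical variable."""
    env = os.environ if env is None else env
    return CapturingSink() if env.get("TEST_HARNESS") == "1" else LiveSink()


def handle_support_form(sink: IntegrationSink, fields: Mapping[str, str]) -> int:
    """Handler for a page behind the login: every submission opens a ticket and
    posts a chat notification. Returns the number of side effects triggered."""
    message = fields.get("message", "")
    effects = [
        SideEffect("helpdesk_ticket", "helpdesk", message),
        SideEffect("chat_message", "#support", f"New ticket: {message[:40]}"),
    ]
    for effect in effects:
        sink.send(effect)
    return len(effects)


def simulate_scan(sink: IntegrationSink, submissions: int) -> int:
    """Stand-in for a scanner posting many constructed values to the form in
    quick succession. Returns the total number of side effects triggered."""
    total = 0
    for i in range(submissions):
        total += handle_support_form(sink, {"message": f"scanner-probe-{i}"})
    return total


def summarize(effects: List[SideEffect]) -> Dict[str, int]:
    """Count captured side effects by kind, e.g. to review after a scan."""
    return dict(Counter(e.kind for e in effects))


if __name__ == "__main__":
    harness = select_sink({"TEST_HARNESS": "1"})
    simulate_scan(harness, 25)
    print(summarize(harness.captured))  # {'helpdesk_ticket': 25, 'chat_message': 25}
```

Running the simulation against the capturing sink shows exactly how many tickets and messages 25 form submissions would have produced; reviewing that summary before pointing a scanner at an environment with real integrations is the check this section is asking you to make.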
How do I cancel a scan?
If you ever need to cancel a scan, just use the control panel on the scans page:
Can I throttle a scan?
Yes! If you know of any significant resource constraints on a certain system or reasons why your system may not respond well to a peak in traffic, Intruder does offer a throttled scan setting which can be used to scan at slower speeds. This shouldn't be required normally, but may be helpful when scanning certain problematic hosts.
Can I limit the ports that get scanned?
Yes, absolutely.
This is especially helpful for users with Authentication licences who want to limit scanning to just the application (and not the broader infrastructure).
If you have any further questions around how Intruder's scans might affect your systems, please contact us in the in-app chat box.