During the scan process, Barracuda Vulnerability Manager tests all of the functionality of your web application, including pushing buttons and entering text. This might lead to unintended results, depending on the configuration of your web application and the scan.
Consider the following suggestions to stave off potential side effects:
- Scan using non-administrative credentials. A scan run with full administrative credentials has privileges to access all areas of your web application, so it could change settings or application state.
- If you want to scan using administrative credentials, scan a staging or test environment. In this way, the scanner has full access to all features, but you eliminate any risk of side effects on your production environment.
- Exclude sensitive areas. If there are areas of your application that you do not want tested, use the Exclusions tab when creating a new Barracuda Vulnerability Manager scan to exclude IP addresses, URL patterns, and file extensions.
- Back up your data first. If you are concerned about your data, back it up before starting a scan.