During the scan process, the Barracuda Vulnerability Remediation Service tests all of the functionality of your web application, including pushing buttons and entering text. This might lead to unintended results, depending on the configuration of your web application and the scan.
Consider the following suggestions to stave off potential side effects:
- Scan using non-administrative credentials. Scans run with full administrative credentials have privileges to access all areas of your web application. As a result, the scan could change settings or application state.
- If you want to scan using administrative credentials, scan a staging or test environment. In this way, the scanner has full access to all features, but you eliminate any risk of side effects on your production environment.
- Exclude sensitive areas if there are areas of your application that you do not want tested. When creating a new scan, use the Exclusions tab to exclude IP addresses, URL patterns, and file extensions. Refer to How to Create a New Web Application Scan for details.
- Back up your data first. If you are concerned about your data, back it up before starting a scan.
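The following is an added example, not part of the Barracuda documentation or product: it previews which URLs from your own inventory a set of exclusions would skip, so you can confirm that sensitive areas are covered before starting a scan. The glob-style pattern matching, the `exclusion_reason` helper, and all sample values are assumptions; the actual pattern syntax of the Exclusions tab is not described here.

```python
import ipaddress
from fnmatch import fnmatchcase
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample exclusions, one per exclusion type named above.
# Assumption: glob-style URL patterns; the product's real syntax may differ.
EXCLUDED_IPS = {ipaddress.ip_address("192.0.2.10")}
EXCLUDED_URL_PATTERNS = ["*/admin/*", "*/account/delete*", "*/logout"]
EXCLUDED_EXTENSIONS = {".pdf", ".zip"}

# Constructed sample inventory (for example, exported from a sitemap).
INVENTORY = [
    "https://staging.example.com/products?id=4",
    "https://staging.example.com/admin/settings",
    "https://staging.example.com/account/delete?confirm=1",
    "https://staging.example.com/docs/manual.PDF",
    "https://192.0.2.10/status",
    "https://staging.example.com/logout",
    "https://staging.example.com/search?q=admin",
]


def exclusion_reason(url):
    """Return why a URL would be excluded, or None if it stays in scope."""
    parts = urlsplit(url)
    try:
        if ipaddress.ip_address(parts.hostname or "") in EXCLUDED_IPS:
            return "ip"
    except ValueError:
        pass  # host is a DNS name, not an IP literal
    # Assumption: match on scheme://host/path only, so a query string such
    # as ?q=admin cannot trigger a path pattern by accident.
    target = f"{parts.scheme}://{parts.netloc}{parts.path}"
    for pattern in EXCLUDED_URL_PATTERNS:
        if fnmatchcase(target, pattern):
            return f"url-pattern {pattern}"
    if PurePosixPath(parts.path).suffix.lower() in EXCLUDED_EXTENSIONS:
        return "extension"
    return None


if __name__ == "__main__":
    for url in INVENTORY:
        print(f"{exclusion_reason(url) or 'IN SCOPE':<32} {url}")
```

Any state-changing URL that prints as IN SCOPE is one the scanner would be free to exercise, so review that list before scanning with privileged credentials.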
Note: The Barracuda Vulnerability Remediation Service includes built-in overload protection. If, during the scan, your server exhibits signs of overloading, such as slow response time, the Barracuda Vulnerability Remediation Service will automatically reduce scan speed. For your protection, this feature cannot be turned off.