We have WebsInepct stand alone version that we use to scan our lower environments before a site/code is deployed to production. Now, we would like to scan production sites as carefully as we can.
Besides having a read-only user for authentication, I was wondering if there is any specific approach you follow before scanning anything in production? such as using specific built-in scanning policy or create your own? the thing we are concerned about the most is WI injecting data and making changes to underlying code.
Thanks in advance.