Production Scan Approach and Risks
We have WebsInepct stand alone version that we use to scan our lower environments before a site/code is deployed to production. Now, we would like to scan production sites as carefully as we can.
Besides having a read-only user for authentication, I was wondering if there is any specific approach you follow before scanning anything in production? such as using specific built-in scanning policy or create your own? the thing we are concerned about the most is WI injecting data and making changes to underlying code.
Thanks in advance.
This does not provide us with a full assessment, but does give us some insight into the risk level of these sites.