Skip to main content
  1. AeyeScan Support Portal
  2. FAQ
  3. Basic Info.

How can I reduce the impact of vulnerability scans when conducting crawl scans in production environments?

  • Updated

In order to reduce the load on the target site and unintended data changes, please consider the following settings when scanning.

 

・Scanning at a "Slow" speed

To reduce the server load caused by scanning, please scan at a "Slow" scan speed.

This can be set from Scan List > New Scan > Basic Scan Options > Scan Speed.
(If you set the scan speed to "Slow," you will get approximately 10 requests per second)

 

・Set the scan type to "No login required" or "Up to login execution".

Narrowing the scope of the scan can reduce the impact on the site.
This can be set from Scan List > New Scan > Basic Scan Options > Scan Type

 

・Use Safe Mode

When Safe Mode is set to "Standard", it inhibits crawling and scanning of "enquiry function" and "Post to Bulletin Board" on the Pre-Login Page and the "Purchase" function on the Post-Login Page.
(‘Delete’ and "Unsubscribe" functions inhibit crawling and scanning with or without Safe Mode)

If Safe Mode is set to "Strong", only accesses using the GET method, which only obtains information on the target site, are targeted and all other accesses are excluded from crawling and scanning.
Therefore, if you want to minimise the diagnostic impact, e.g. in a production environment, set the safe mode to "Strong".

Note that the POST method of the login process is not exceptionally excluded from the specification, so crawling and scanning including the login function is possible even when the safe mode is set to "Strong".

Safe Mode can be configured from the following.
Create New Scan > Site/Scan Basic Info > Safe Mode

 

・Configure crawl/scan target settings

By configuring the scan target settings, you can set only certain screens or paths to be scanned, or exclude certain screens or paths from being scanned.

Please refer to the following for detailed instructions on how to configure crawl/scan settings.
https://www.aeyescan.help/hc/en-us/articles/37804931815193

 

・Use manual crawls.

By using the manual crawl, only the screens that have been crawled manually can be included in the diagnosis.

Please refer to the following for details on how to use the manual crawl.
https://www.aeyescan.help/hc/en-us/articles/37802917309721

 

Related to

Related articles

Powered by Zendesk