When scanning a production site that is open to the public, you need to keep two risks as low as possible: load on the target site and unintended changes to its data.
This article lists the minimum points to keep in mind when scanning a production site.
*A scan places load on the target site, so we recommend scanning a test environment whenever possible.
Before you begin your diagnosis
Running a scan can cause the following two events. Check each one and take action beforehand if necessary.
- Changes occur in the data
The scan may change data in the target system.
We therefore recommend backing up the system and its data in advance.
- Large amounts of data are registered and e-mailed
Depending on the functionality of the target site, running the scan may register a large amount of data in the target system.
For functions that send e-mail, such as inquiry forms, a large volume of e-mail may also be sent, so inform the person who receives those e-mails or the mail server administrator in advance.
If the impact would be unacceptable, consider excluding the function in question from the scan.
※We have prepared a "Security Questionnaire" that lists the items to check before conducting the diagnosis, as described above.
Please download the file from the link below and use it.
https://www.aeyescan.help/hc/en-us/articles/37805546084249
Diagnostic Steps
1. Set runtime options
Scan List > Create New Scan > "Site/Scan Basic Info.", and set the following.
- Basic Scan Options > Scan Speed
Select "Slow" to reduce the load on the target site.
- Basic Scan Options > Safe Mode
Selecting "Standard" suppresses crawling of the following functions:
  - Pages before login: inquiry forms, posting to bulletin boards, etc.
  - Pages after login: deletion, etc.
Selecting "Strong" crawls only GET requests, both before and after login, and excludes all other crawls and scans.
*POST requests are permitted only for the login process.
- Crawl / scan target setting
You can specify the pages to exclude from the crawl/scan.
For details, refer to the FAQ below.
https://www.aeyescan.help/hc/en-us/articles/37804931815193
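To make the Safe Mode rules above concrete, here is an added example (not AeyeScan's own code) of a scope filter that applies the same policy to a crawled request list: "Strong" keeps only GET requests plus the login POST, while "Standard" drops the state-changing functions the article names before and after login. The request records, the path patterns for "inquiry", "posting" and "deletion" functions, and the `/login` endpoint are all constructed assumptions; a real scope list would come from the crawl results and the site's own URL layout.

```python
"""Illustrative scope filter for the Safe Mode levels ("Off", "Standard", "Strong").

Added example; it is not AeyeScan's implementation. Every path pattern and
sample request below is constructed for illustration.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Request:
    method: str         # HTTP method as crawled, e.g. "GET" or "POST"
    path: str           # URL path of the crawled request
    after_login: bool   # True if the page is only reachable after logging in


# Assumed patterns for the functions the article names as risky.
# Before login: inquiry forms and bulletin-board posting.
PRE_LOGIN_RISKY = [r"/inquiry", r"/contact", r"/bbs/post", r"/board/post"]
# After login: deletion and similar destructive actions.
POST_LOGIN_RISKY = [r"/delete", r"/remove", r"/withdraw"]
# Assumed login endpoint; the article says POST is allowed only for login.
LOGIN_PATH = "/login"


def is_login(req: Request) -> bool:
    """The login POST is always kept so that post-login pages stay reachable."""
    return req.method == "POST" and req.path == LOGIN_PATH


def allowed(req: Request, mode: str) -> bool:
    """Return True if the request stays in scope under the given Safe Mode."""
    mode = mode.lower()
    if mode == "off":
        return True
    if is_login(req):
        return True
    if mode == "strong":
        # Only GET is crawled; every other method is excluded.
        return req.method == "GET"
    if mode == "standard":
        # Drop the named risky functions regardless of method: a GET such as
        # /mypage/delete?id=1 can be just as destructive as a POST.
        patterns = POST_LOGIN_RISKY if req.after_login else PRE_LOGIN_RISKY
        return not any(re.search(p, req.path) for p in patterns)
    raise ValueError(f"unknown safe mode: {mode!r}")


def filter_scope(requests: list[Request], mode: str) -> list[Request]:
    """Keep only the crawled requests permitted by the chosen Safe Mode."""
    return [r for r in requests if allowed(r, mode)]


# Constructed crawl result, not taken from any real site.
SAMPLE_CRAWL = [
    Request("GET", "/", False),
    Request("GET", "/inquiry", False),
    Request("POST", "/inquiry", False),
    Request("POST", "/bbs/post", False),
    Request("POST", "/login", False),
    Request("GET", "/mypage", True),
    Request("POST", "/mypage/profile", True),
    Request("POST", "/mypage/delete", True),
    Request("GET", "/mypage/delete", True),
]


if __name__ == "__main__":
    for mode in ("off", "standard", "strong"):
        kept = filter_scope(SAMPLE_CRAWL, mode)
        print(f"{mode:>8}: {len(kept)} of {len(SAMPLE_CRAWL)} requests kept")
        for r in kept:
            print(f"          {r.method:4} {r.path}")
```

Note what "Strong" does not do: a GET endpoint that changes state (the constructed `GET /mypage/delete` above) is still crawled, because the rule is method-based. That is exactly why step 3 below, reviewing the crawl result and excluding such pages via the crawl/scan target setting, matters even with Safe Mode enabled.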
2. Start crawl only
Scan Details > Status "▶Wait" > "Crawl/Scan", select "Crawl Only" and click "Start".
Crawling first, without scanning, lets you review the pages to be excluded from the diagnosis before the scan runs (step 3).
3. Review pages to be excluded from diagnosis (after crawl, before scan)
After the crawl completes, check the screen diagrams and decide whether any pages should be excluded from the diagnosis.
For the exclusion procedure, refer to the FAQ below.
https://help.aeyescan.com/en/support/solutions/articles/67000694716
4. Check speed settings and start scanning
Scan Details > Status "▶Crawled" > "Crawl/Scan", confirm that "Crawl/Scan Speed" is set to "Slow", then click "Start".