As Application Scanning performs simulated hacker attempts on web applications, it is possible that it causes unwanted side effects. In this article we provide some suggestions on how to change the scan’s behavior, in order to not cause any negative impact on your web application.
By default, we scan your site as fast as possible with the limited resources we provide for our scans. For some web applications that are sensitive this may impact the performance, or potentially cause downtime. If you notice such an effect from our scans, it is recommended you set a limitation on the number of requests per second.
Please consider that, if your web application is impacted by our scan, it can be considered as a potential vulnerability to Denial-of-Service (DoS) attacks.
Spamming contact forms
If you have contact forms that generate emails or issues in your ticketing system, it is possible that we visit and send them in even multiple times during the scan. To prevent that from happening, you can:
Block visiting the URL with the contact form by setting it as a avoided path.
Block form submission for Detectify in your web application. You can use specific rules in either the application code or Web Application Firewall (WAF) to specifically prohibit the request that is sent in the form. You can identify Detectify’s requests by user agent or source of network traffic.
Please note that if our scanner can spam your contact form, then anyone else could do the same and in that sense, it could be considered a vulnerability.