Can you please tell me what the difference is when we do a credential scan and a normal scan for the same web application?
Please note that the interface specifies the limitation to NetBIOS and FTP only.
For example, when scanning a portal with 1000 users, if the crawler gains access to the portal, it will initiate SQL injection and command execution checks.
This could potentially lead to data manipulation or loss. Therefore, it is advised that customers perform a full backup before proceeding.
However, it is often the case that most customers will not follow this recommendation.
Performing a credential scan on a web service could also result in data loss, which is why this feature is not enabled.
Protecting customer data is of utmost importance.
In the future, we might consider enabling this feature, accompanied by a prominent red warning advising customers to either perform a full backup or conduct scans only on pre-production systems.