Risks in performing a deep website scan

We get this question a lot: What are the risks involved in performing a Deep Website Scan?
Written by Victor Pisarciuc
Updated 5 months ago

The tests performed by the Deep Scan mode are called intrusive because they have the potential of being flagged as attacks by various protection systems (ex. IDS, firewalls, etc).

The tests do not attempt to exploit any vulnerability but they perform a much more in-depth scanning than the Light scan, sending up to 10,000 HTTP requests. This may trigger alarms from IDS devices but you should know that it is not a destructive scan.

You can find the complete list of tests performed by the deep scan at the bottom of the website scanner tool page.

Could we suffer from a Denial of Service?

Our tools do not produce Denial of Service either. Here you can see details about the peak load produced by the scans. Any properly configured web server should handle these requests without any problem.

Did this answer your question?