Generic Response on Scan Deviation & Vulnerability Deviation
Hi Client
Indusface WAS (Web Application Scanner) carries out daily, scheduled and on-demand scans of your externally facing web application. The scanner is designed to be lightweight: its checks are non-evasive, have a low impact on the web application and do not affect website performance.
A scanner is built on predefined logic and follows a black-box approach. To be effective (that is, not to miss too many findings, or false negatives) it has to strike a balance between missing things and reporting false positives, and we constantly work to get that balance right.
Below are some of the reasons why an automated scanner would show some variation between one scan and the next. These factors are outside our control.
- Server load: if the server is out of resources, the web application may not respond to all of the scanner's HTTP requests, which produces timeouts.
- HTTP 500 / Internal Server Errors that occur intermittently because of session-state problems, database server load, current CPU load, etc.
- The session is killed during the scan because of application memory recycling, a server restart or error-recovery features in the web server, and the scanner cannot re-establish the session.
- Different caching algorithms, so the response served to the scanner is not always the same for the same request.
- Web Application Firewalls, IPS and similar perimeter controls block, or respond inconsistently to, the scanner's HTTP requests.
- Reverse proxy / proxy connection failures.
- Bandwidth availability or connection timeouts during the scan.
- Presence of load balancers, where successive requests may be served by different backend nodes.
- The scanner is unable to crawl a particular page because of the web application's logic.
- Rate limiting applied at your origin server or on network perimeter devices, where the source IP is blocked after a certain number of requests.
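As an added illustration, not part of this response template or of the Indusface WAS product, the following Python script shows how a client could triage their own web-server or proxy access log for the scan window and map each request outcome onto the causes listed above. The log format, the SAMPLE_LOG lines, the SLOW_MS threshold and the cause descriptions are all constructed for the example; adapt LINE_RE to your real log format.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified "METHOD PATH STATUS LATENCY_MS" format.
# Hypothetical data: "timeout" marks a request that never received a response.
SAMPLE_LOG = """\
GET /login 200 120
GET /search?q=test 200 340
GET /search?q=test%27 500 410
GET /account 403 15
GET /account/settings 403 12
GET /orders 429 10
GET /orders?page=2 429 9
GET /reports timeout 30000
GET /reports?year=2023 timeout 30000
GET /cart 200 130
"""

LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}|timeout) (?P<latency>\d+)$"
)

SLOW_MS = 5000  # assumed threshold above which a response counts as "slow"

# Maps each outcome bucket to the deviation cause it most often points at.
CAUSE_HINTS = {
    "timeout": "server load, bandwidth or proxy/reverse-proxy failures",
    "server_error": "intermittent HTTP 500s (session state, DB or CPU load)",
    "blocked": "WAF/IPS or other perimeter controls blocking scanner requests",
    "rate_limited": "rate limiting at the origin or on perimeter devices",
    "slow": "server load or bandwidth constraints",
}


def classify(status: str, latency_ms: int) -> str:
    """Bucket one request outcome by status code and latency."""
    if status == "timeout":
        return "timeout"
    code = int(status)
    if code == 429:
        return "rate_limited"
    if code == 403:
        return "blocked"
    if 500 <= code < 600:
        return "server_error"
    if latency_ms > SLOW_MS:
        return "slow"
    return "ok"


def outcomes(log_text: str) -> list:
    """Parse the log and return the outcome bucket of each request, in order."""
    result = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # silently skip lines that do not fit the expected format
            result.append(classify(match["status"], int(match["latency"])))
    return result


def triage(log_text: str) -> Counter:
    """Count how many requests fell into each outcome bucket."""
    return Counter(outcomes(log_text))


def longest_blocked_run(log_text: str) -> int:
    """Longest run of consecutive blocked/rate-limited responses.

    A long run that starts after a number of successful requests is the
    signature of an IP-based rate limit or block rather than random noise.
    """
    longest = current = 0
    for outcome in outcomes(log_text):
        if outcome in ("blocked", "rate_limited"):
            current += 1
            longest = max(longest, current)
        else:
            current = 0
    return longest


def likely_causes(counts: Counter) -> list:
    """Translate the observed buckets into the deviation causes to investigate."""
    return sorted(CAUSE_HINTS[bucket] for bucket in counts if bucket in CAUSE_HINTS)


if __name__ == "__main__":
    counts = triage(SAMPLE_LOG)
    for bucket, n in counts.most_common():
        print(f"{bucket:13s} {n}")
    print("longest blocked run:", longest_blocked_run(SAMPLE_LOG))
    for cause in likely_causes(counts):
        print("check:", cause)
```

Run it against the access-log lines for the scanner's source IP during the scan window; a high share of timeouts or 5xx responses points at the server-side causes above, while a sustained run of 403/429 responses points at a WAF, IPS or rate limit that should allow-list the scanner.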