We are using the QualysGuard (WAS) to scan our website for different Vulnerabilities. For now we are using the QualysGuard(WAS) to scan only the production environment which are public facing elements that are accessible by the internet. We also want to perform the QualysGuard "Web Application Scanning(WAS)" for our Development(Dev) environments that are inside our network.
For this we want to clear few of our doubts related to the WAS scanning in "Dev" environments, as mentioned below:
1) Can we perform the Web Application Scan(WAS) on the "Dev" environments where the web application is hosted on the local system IIS i.e. application which is not accessible through internet?
2) If we have to perform web application scan(WAS) of our (Dev) sites then do we have to use the QualysGuard Virtual Scanner or Offline Scanner as our site is not directly accessible from internet? Is there any other tool provided by QualysGuard to perform the "Web Application scan(WAS)" for Locally hosted websites?
Kindly answer the above doubts that we have so that we can go ahead with the appropriate steps necessary to perform the QualysGuard WAS scan for the "Dev" environment in our local environment for vulnerability detection.
Thanks in advance,