I'm new to WAS, and working on setting it up to scan our sites hosted on AWS. To avoid the need to request penetration testing permission for each scan, I have deployed the virtual scanner appliance to my VPC, and I am using this for WAS scanning.
This is working to scan the EC2 instances directly; however, because it is bypassing the ELB, the traffic is HTTP only and thus produces some false positives (e.g. QID 150053 - Login Form Is Not Submitted Via HTTPS).
I could simply mark the false positives to be ignored; however, I'd rather be testing more accurately, so another idea I have had is to use the private IP of the ELB as the application address and scan that. I've checked from within the VPC, and connecting to the private IP does serve up the website using HTTPS, so it would be possible for the scanner to do this.
So my question is: has anyone else done this, and do they know if this would be permitted when using the pre-authorised scanner appliance? Or would scanning the private IP address of the ELB still be considered as needing explicit approval from AWS? Any other options?
Thanks in advance for any advice.