AnsweredAssumed Answered

WAS Exploitation

Question asked by sploit on Dec 20, 2011
Latest reply on Jan 3, 2012 by sploit

Hi All,


This might be a stupid question so I apologize in advance. When it comes to a WAS vulnerability scan does WAS actually exploit the site? For example if it finds a XSS flaw does it actually inject the script into the site to successfully determine if the vulnerability exists and if I view the site from my own browser will I see the exploit that qualys used?


My query is for websites that I test I need to know what the system owners impact will be and whether or not they'll need to refresh the data once I've completed with my tests.


Appreciate the assistance.