We are using the QualysGuard (WAS) to scan our website for different Vulnerabilities. Currently we are using the QualysGuard(WAS) to scan only the public facing elements i.e. the website that is in Production Environment which is accessible by the internet, we are not scanning "QA/Dev" environments that are inside our network.
We are having few Queries related to the WAS scanning in "QA/Dev" environments, as mentioned below:
1) Is it possible to perform the Web Application Scan(WAS) on the QA and DEV environments ?
2) If Yes, then do we only have to point the URL from Production to our "QA/Dev" environment or do we have to do any further modifications in QualysGuard Web Application Scanning (WAS)?
3) Suppose we have the "QA/Dev" environment on a different server, other than the production server then how we can scan the website in QA/Dev environment that are inside our network, which are not accessible by the internet.
Kindly answer the above queries so that we can take the necessary actions to perform the QualysGuard (WAS) scan in QA/Dev environments also.
Thanks in advance,