Looking to scan a non-prod instance of an existing Web App. Do I need to create a brand new web-app for this, or can I use the DNS override feature? If so, how does that work?
I agree that you could use a DNS override on the existing web app profile to scan the non-prod version. However, if you have available licenses, it's probably cleaner to create and maintain a separate profile. You can use "Save As" on your existing profile and then edit it as needed. The authentication records would normally be different too (assuming you're using auth).
DNS override is like editing the hosts file on Windows, if you are familiar with that feature. Typically on Windows, say you wanted to go to www.qualys.com (126.96.36.199). Which is fine, but what if I had a test site up and did not want to change a test or something I had. I could edit the hosts file and create an entry like:
What will happen is that when you try to resolve the entry www.qualys.com via DNS the hosts file entry will basically take precedence and that will be the address returned to the browser.
You could use this in your web application scanning and actually have several entries. These are selectable at scan time.
Just keep in mind that you are testing different sites so you need to report on the scan not the application as it will now have a different meaning.
Typically I would be setting up an application that would be exposed at some point, so I set up the application with the proposed DNS and then give the internal IP of the web application. Now I can scan internally. Once they are cleared to be exposed I just change the scanner to external and remove the DNS override. DONE.
Helps make things a little cleaner sometimes.
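The hosts-file-style behaviour described in the answer above, as an added example that is not part of the original posts and not Qualys code: the client keeps requesting the configured hostname, but the connection goes to the overridden IP. The hostname `app.example.test`, the loopback address and the small echo server are constructed stand-ins for a non-prod site.

```python
import contextlib
import http.client
import http.server
import socket
import threading

# Constructed sample mapping: placeholder hostname -> "non-prod" address (loopback here).
OVERRIDES = {"app.example.test": "127.0.0.1"}

@contextlib.contextmanager
def dns_override(mapping):
    """Answer lookups for names in `mapping` with the mapped IP, like a hosts-file entry."""
    real = socket.getaddrinfo
    def patched(host, *args, **kwargs):
        # Names without an override fall through to normal resolution.
        return real(mapping.get(host, host), *args, **kwargs)
    socket.getaddrinfo = patched
    try:
        yield
    finally:
        socket.getaddrinfo = real  # always restore the real resolver

class EchoHost(http.server.BaseHTTPRequestHandler):
    """Stand-in for the non-prod site: replies with the Host header it received."""
    def do_GET(self):
        body = self.headers.get("Host", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

def fetch_via_override(hostname="app.example.test"):
    """Return (Host header seen by the server, IP the client actually connected to)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), EchoHost)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with dns_override(OVERRIDES):
            conn = http.client.HTTPConnection(hostname, server.server_port, timeout=5)
            conn.connect()
            peer_ip = conn.sock.getpeername()[0]  # where the TCP connection went
            conn.request("GET", "/")
            seen_host = conn.getresponse().read().decode()
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return seen_host, peer_ip

if __name__ == "__main__":
    print(fetch_via_override())
```

Because the server still sees the original name in the `Host` header, virtual hosts and name-based routing behave as they would for the real name, which is why results from an overridden scan describe the overridden target rather than the production site.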