There are two types of implications you should be aware of before running a security scan on any target.
1- Automation issues
Automated security testing tools (including SmartScanner) send many different inputs to the server. They submit forms with arbitrary data, and they send different values for each parameter, cookie, and header. This can lead to the following side effects:
- Denial of Service (DoS) of the testing target
- Spamming the target’s database with bogus data
- Causing malfunction or instability of the target
- Triggering alarms in security systems like WAF
To avoid these problems, or any other issues, use SmartScanner and other automated testing tools in testing or pre-production environments where data or system stability is not a concern.
2- Legal issues
In many countries, unauthorized security scanning can get you in trouble. You might get sued by the owner of the scanned system if you don’t have the required permission. Make sure you have a written agreement with the owner of the scan target before starting a scan.