How to Disable Brute-Force Rules in Your Vulnerability Scanning

Last updated: June 2, 2025

At Astra, we understand that different organizations have different security policies. Some of our automated vulnerability scan rules include brute-force testing to simulate real-world attack scenarios. However, if your environment restricts such testing, you can disable these rules at your discretion.

This guide outlines how you can manage or disable brute-force rules in your automated scanning.


List of Brute-forcing Scanner Rules

  • Email Enumeration in Login Page

  • Bruteforceable Login Page

  • Missing Rate Limit on Forgot Password

  • Possible name Enumeration

🧾 Raise a Support Ticket

If you're unsure about disabling rules or want us to configure them for you, please raise a support ticket. Our team will promptly assist you in customizing your scanner configuration. Please find the documentation for doing so here.


💡 FAQs

Q: Will disabling brute-force rules affect the accuracy of the scan?
A: Only for vulnerabilities related to credential security. Other types of vulnerabilities (e.g., XSS, SQLi, misconfigurations) will still be detected.