We get this question a lot: What are the risks involved in performing a Full Website Scan?
The tests performed by the Full Website Scanner are called intrusive because they have the potential of being flagged as attacks by various protection systems (ex. IDS, firewalls, etc).
The tests do not attempt to exploit any vulnerability but they perform a much more in-depth scanning than the Light scan, sending up to 10,000 HTTP requests. This may trigger alarms from IDS devices but you should know that it is not a destructive scan.
You can find the complete list of tests performed by the full scan at the bottom of the website scanner tool page.
Could we suffer from a Denial of Service?
Our tools do not produce Denial of Service either. Here you can see details about the peak load produced by the scans. Any properly configured web server should handle these requests without any problem.