This article will relieve you of the concerns that the scanner may harm your website.
The Crashtest Security Scanner performs attacks against your website, mimicking a hacker's actions. This means a Full Scan will be a load on your system. This load can be controlled via the "throttling" option in our preferences.
The attacks performed are non-harmful; we will not delete any data or use any "drop table" commands. So you can run them on all of your systems.
Note: Crashtest Security advises running Full scans on a dedicated staging or test system; however, they can also be run on Production. A Quick Scan will only scan your infrastructure (SSL/TLS configurations, Fingerprinting, Ports, and HTTP Header), and you should run it in your Production or live systems.