Qualys automated vulnerability scanner is not supposed to do any penetration testing, including vulnerability exploitation attempts as it is ran unattended so must not create any risks of DoS. Trying to exploit some vulnerabilities can jeopardize production systems. This way, such non-intrusive scans are by definition limited to sending completely legitimate requests, checking the responses and then analyzing them based on a vulnerability database.
@Seth Arnold,
Qualys automated vulnerability scanner is not supposed to do any penetration testing, including vulnerability exploitation attempts as it is ran unattended so must not create any risks of DoS. Trying to exploit some vulnerabilities can jeopardize production systems. This way, such non-intrusive scans are by definition limited to sending completely legitimate requests, checking the responses and then analyzing them based on a vulnerability database.