Scan Compliance

1. Legal and Ethical Scanning

TRaViS scans are conducted within legal and ethical boundaries. Adhere to these practices:

  • Permission: Scan only domains or IP ranges you own or have explicit permission to scan (e.g., example.com with customer consent).
  • Scope Limits: Respect TRaViS’s scan limits (e.g., 1 domain per bulk scan) to avoid overwhelming target systems or violating terms of service.
  • Geographical Restrictions: Avoid scanning in regions with restrictive laws (e.g., EU countries under GDPR) without legal counsel approval.
  • Rate Limiting: Schedule scans during off-peak hours to minimize impact on target systems.

2. Compliance with Standards

  • OWASP: Align scans with OWASP Top 10 (e.g., A09:2017 - Software and Data Integrity Failures) by reviewing SAST results.
  • NIST: Follow NIST SP 800-53 for risk assessment and mitigation using TRaViS’s Deduction Table.
  • GDPR: Ensure personal data (e.g., emails from Darknet Intelligence) is handled with consent and deleted when unnecessary.

Best Practices

  • Document scan permissions and scope in the TRaViS admin panel notes.
  • Consult legal teams before initiating large-scale or international scans.
