Scan Performance (Web Application Scanning)

During a web application scan, the scanning engine monitors the target web application server's average response time. This occurs during all phases of the web application scan, including web crawling and vulnerability tests. If the scanning engine detects a trend showing the average response time from the target web application is becoming slower (response time is increasing), then the scanning engine automatically inserts a delay until the trend is normal.

Your options are:

Maximum. Scan performance is optimized for maximum bandwidth usage resulting in the fastest possible scan time. This level is recommended for internal scans (web application inside your LAN) and high performance, public web sites. As compared to the other levels, more crawling and testing requests are run in parallel and the delay between requests sent to the web application is shorter. Scans at a Maximum performance level may be faster to complete but may overload your network, web server or database. Scanning a web application with limited resources may result in an unresponsive host or web application.

High. Scan performance is optimized for high bandwidth usage.

Medium. Scan performance is optimized for medium bandwidth usage. This level is the recommended setting.

Low. Scan performance is optimized for low bandwidth usage.

Lowest. Scan performance is optimized for the lowest possible bandwidth usage.

Scan Performance Settings

Each scan performance level represents multiple settings. See the table below to compare the settings for each performance level.

* The maximum HTTP processes setting is only applied to the vulnerability testing phase of the web application scan. The web crawling phase always uses a single HTTP process - not the setting displayed in the table. (The packet delay setting is respected for all phases of the web application scan.)