Scan intensity

During a WAS scan, the WAS scanning engine sends HTTP requests over the wire to the web application server. To crawl and test the web application that you would like to scan, the scanner makes various requests to collect the links and then tests those links for various vulnerabilities. The requests the scanner makes to collect and test the links of the web application make up the HTTP request traffic of the scan.

Good to Know

- We recommend you start with a lower intensity setting

- WAS scanning happens very quickly, faster than a human would

- WAS automatically slows down requests if average response time gets slower

- The scan intensity setting impacts the number of HTTP requests generated

Scan intensity settings

Maximum - Scan performance is configured to finish in the fastest time possible.

Important: This setting is recommended for internal scans (web application inside your LAN) and high performance, public web sites. Scans may be faster to complete but may overload your network, web server or database. Scanning a web application with limited resources may result in an unresponsive host or web application.

High - Scan performance is optimized for high bandwidth use.

Medium - Scan performance is optimized for medium bandwidth use.

Low - Scan performance is optimized for low bandwidth use.

Lowest - Scan performance is optimized for the lowest possible bandwidth use.

|  | Maximum | High | Medium | Low | Lowest |
|---|---|---|---|---|---|
| Number of HTTP threads used to scan each host (applies to vulnerability scan only) | 10 | 7 | 5 | 2 | 1 |
| Delay between requests (in milliseconds) | 0.0 | 0.0 | 0.2 | 1.0 | 2.0 |

About delay between requests

The delay between requests that you configure is the delay that WAS introduces between the requests the scanning engine sends to the application server.

- When scan intensity is set to Maximum (pre-defined) or 10 (custom), the scan is configured to finish in the fastest time possible. In this setting the packet delay is set to 0 seconds (no packet delays). This means the scanner does not introduce any delay between its requests to the web application server. The requests are sent without any wait time between them.

- When scan intensity is set to High, the scanner will not introduce any packet delays.

- When scan intensity is set to Medium, the packet delay is set to 0.2 seconds. This means the WAS scanning engine introduces a small delay of 0.2 seconds between its requests to the application server.

- When the scan is configured to be launched at the Low intensity, the packet delay is 1 second. This means the WAS engine introduces a 1 second delay between its requests to the web application server.

- For a scan configured to be launched at the Lowest intensity the packet delay is 2 seconds.
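
For sizing a scan against a host's capacity, the thread counts and delays above can be turned into a rough ceiling on request rate. This is an added example, not Qualys code. It assumes a simple model the page does not document (each thread sends a request, waits for the response, then waits the configured delay), and the function names are hypothetical.

```python
import math

# Threads per host (from the table) and delay between requests in seconds
# (as stated in the "About delay between requests" bullets), most intense first.
INTENSITY = {
    "Maximum": (10, 0.0),
    "High": (7, 0.0),
    "Medium": (5, 0.2),
    "Low": (2, 1.0),
    "Lowest": (1, 2.0),
}


def est_requests_per_second(setting, avg_response_s):
    """Estimated ceiling on requests per second sent to one host.

    Assumed model: every thread repeats (request, response, delay), so one
    thread completes one request per (avg_response_s + delay) seconds.
    WAS slows down when response times rise, so treat this as an upper bound.
    """
    if avg_response_s < 0:
        raise ValueError("average response time cannot be negative")
    threads, delay_s = INTENSITY[setting]
    cycle_s = avg_response_s + delay_s
    if cycle_s == 0:
        # No delay and an instant response: the model gives no finite bound.
        return math.inf
    return threads / cycle_s


def highest_setting_within(budget_rps, avg_response_s):
    """Most intense setting whose estimate fits the budget, or None."""
    for name in INTENSITY:  # dicts keep insertion order
        if est_requests_per_second(name, avg_response_s) <= budget_rps:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample: a host that answers in 100 ms on average.
    for name in INTENSITY:
        print(f"{name:8s} ~{est_requests_per_second(name, 0.1):6.1f} req/s")
    print("Fits a 5 req/s budget:", highest_setting_within(5, 0.1))
```

Measure the average response time of the target under normal load before using the estimate, and start from the lower setting when the result is close to the budget.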

Loading a site's pages

The maximum number of requests that WAS can have live on the wire is 10 requests. This means that a single request can only spend 25 milliseconds across any network delay, target delays in processing the request and generating a response, and any processing of the response that occurs within WAS.

Using a tool like http://tools.pingdom.com to measure the time it takes to load a page, you will find that even sites like https://www.google.com, which are highly optimized, take over 700 milliseconds to fully load due to the different analytic packages that are also being loaded by this single page.