Factors leading to longer scan times
Various factors can affect DAST scan times, including network bandwidth, the presence of a Web Application Firewall (WAF), and security controls such as CAPTCHA. DAST scanning interacts with the running application: the scanner sends requests and waits for the responses, so its duration is heavily influenced by the application's environment. These elements can affect both the results and the coverage of the scan.
This document explores the common factors that contribute to prolonged scanning durations.
Common causes for extended scan times
Key issues such as slow page load times, intermittent application availability, repeated attacks on similar pages, and limited resources for the on-premises agent can all impede the scanning process.
Slow page load times
When webpages take a long time to load, the scanning process is delayed significantly. This is often caused by large media files, complex scripts, or poor server performance, which increase the time it takes for each page to be fully rendered and scanned. Because the scanner sends many requests to each page during the attack phase, a slow response is paid for many times over.
Intermittent application availability during the scan
If the application being scanned experiences periods of unavailability or downtime, the scanner has to repeatedly attempt to access the application, and each request that times out waits for the full timeout before it can be retried, leading to delays. This can occur due to server issues, maintenance windows, or network instability.
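The two factors above, slow pages and intermittent availability, are easiest to confirm with a short probe of the target before blaming the scanner. The following is an added example (not part of Invicti's documentation or product) that fetches one URL repeatedly, records status and latency for each attempt, and classifies the result against two thresholds. The thresholds, the sample count and the constructed sample results are assumptions chosen for illustration, not Invicti defaults.

```python
import statistics
import time
import urllib.error
import urllib.request

# Assumed thresholds (illustrative, not Invicti settings): a median response
# above SLOW_S suggests slow pages; a share of timeouts/5xx above FLAKY_RATIO
# suggests intermittent availability.
SLOW_S = 2.0
FLAKY_RATIO = 0.05


def probe(url, samples=20, timeout=10.0, pause=0.5):
    """Fetch url `samples` times; return a list of (status, seconds) tuples.

    status is the HTTP code, or None when the request timed out or failed
    at the connection level. A timed-out request costs the full `timeout`,
    which is exactly the delay a scanner pays on every retry."""
    results = []
    for _ in range(samples):
        start = time.monotonic()
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                resp.read()
                status = resp.status
        except urllib.error.HTTPError as e:
            status = e.code            # 4xx/5xx is still a response
        except OSError:                # URLError, socket timeout, refused
            status = None
        results.append((status, time.monotonic() - start))
        time.sleep(pause)
    return results


def summarize(results):
    """Classify probe results into the two scan-time factors."""
    latencies = sorted(s for status, s in results if status is not None)
    failures = [status for status, _ in results
                if status is None or status >= 500]
    if latencies:
        median = statistics.median(latencies)
        p95 = latencies[int(0.95 * (len(latencies) - 1))]
    else:
        median = p95 = float("inf")
    failure_ratio = len(failures) / len(results)
    findings = []
    if median > SLOW_S:
        findings.append("slow pages")
    if failure_ratio > FLAKY_RATIO:
        findings.append("intermittent availability")
    return {"median_s": median, "p95_s": p95,
            "failure_ratio": failure_ratio, "findings": findings}


# Constructed sample: 18 fast 200s, one timeout, one 503 (not real measurements).
CONSTRUCTED_SAMPLES = [(200, 0.3)] * 18 + [(None, 10.0), (503, 0.1)]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(summarize(probe(sys.argv[1])))
    else:
        print(summarize(CONSTRUCTED_SAMPLES))
```

Run it against a representative page of the target (a page the crawler found, not just the landing page) from the same network the scan agent uses; a high p95 with a normal median usually points at bandwidth or WAF rate limiting rather than the application itself.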
Repeated attacks on similar pages
When Invicti Enterprise attacks many pages or endpoints that share the same structure, for example product or user pages that differ only in an identifier in the path or query string, each one is attacked separately, which consumes additional time. This often happens in complex applications with repetitive structures.
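To see how much of a crawl consists of structurally similar pages, the crawled URLs can be collapsed to route templates and counted per template. The following is an added example (not Invicti's own similar-page detection) that replaces numeric and UUID path segments with placeholders, keeps query parameter names but drops their values, and groups a constructed list of crawled URLs by the resulting template. The placeholder names, the regular expressions and the sample URLs are assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Assumed heuristics for path segments that vary per record but not per
# code path. Real applications may need extra patterns (slugs, dates).
_NUM = re.compile(r"^\d+$")
_UUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def template(url):
    """Collapse a crawled URL to its route template.

    /product/123?sort=asc&id=5 -> /product/{id}?id&sort
    Query parameter names are kept (they change the attack surface);
    their values are dropped (they usually do not)."""
    parts = urlsplit(url)
    segs = []
    for seg in parts.path.split("/"):
        if _NUM.match(seg):
            segs.append("{id}")
        elif _UUID.match(seg):
            segs.append("{uuid}")
        else:
            segs.append(seg)
    path = "/".join(segs) or "/"
    params = sorted({k for k, _ in parse_qsl(parts.query,
                                             keep_blank_values=True)})
    return path + ("?" + "&".join(params) if params else "")


def group_crawled(urls):
    """Return {template: [urls]} with the largest groups first."""
    groups = defaultdict(list)
    for u in urls:
        groups[template(u)].append(u)
    return dict(sorted(groups.items(), key=lambda kv: -len(kv[1])))


# Constructed list standing in for a Crawled URLs export (not real data).
CRAWLED = [
    "https://app.example.com/product/101",
    "https://app.example.com/product/102?ref=home",
    "https://app.example.com/product/103",
    "https://app.example.com/user/5f6e7d8c-1a2b-3c4d-5e6f-7a8b9c0d1e2f/profile",
    "https://app.example.com/user/0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d/profile",
    "https://app.example.com/search?q=shoes&page=2",
    "https://app.example.com/search?page=1&q=hats",
    "https://app.example.com/about",
]

if __name__ == "__main__":
    groups = group_crawled(CRAWLED)
    print(f"{len(CRAWLED)} URLs, {len(groups)} templates")
    for tmpl, members in groups.items():
        print(f"{len(members):4d}  {tmpl}")
```

A ratio of crawled URLs to templates well above one, concentrated in a few templates, is the signature of repeated attacks on similar pages; those templates are the candidates to review before deciding whether any coverage can be reduced.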
Limited resources for the on-premises agent
The on-premises agent responsible for conducting the scan may have limited computational resources such as CPU, memory, or bandwidth. This slows the scanning process, especially when the scan involves a large number of pages or extensive data processing, because the agent cannot keep enough requests in flight to work through the workload efficiently.
NOTE: After conducting several scans, if you notice that scan durations consistently exceed 24 hours or reach the default maximum scan duration of 48 hours, it is essential to investigate the underlying reasons. Scans lasting more than 6 to 14 hours should also be reviewed for potential optimization opportunities.
Regardless of the underlying causes, it is crucial to prioritize comprehensive coverage in your scans. While it might be tempting to reduce scan coverage to achieve faster results, this approach is not recommended, especially for initial DAST scans intended to establish a robust application security program.
To ensure thorough coverage, review the Sitemap or the Crawled URLs report. Once you have confirmed that your scan encompasses all necessary areas, refer to our documentation for guidance on reducing scan times.