Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

Configure target scan profile and speed

Tune how thoroughly Invicti AppSec scans a target so you get useful coverage without overwhelming the application. This document explains how to choose a scan profile, pick a scan speed, and cap total scan duration on the target's Scan configuration tab.

Open the page before you change these settings:

  1. From the left-side menu, select Inventory > Targets.
  2. In the targets list, select the target you want to update.
  3. On the target details page, select Scan configuration.

Why this matters

If scan profile and speed don't match your target, scans either run too shallow and miss paths or run too aggressively and disrupt normal traffic. A realistic duration limit also prevents stale scans from consuming capacity for too long. Setting these values up front gives your team predictable scan behavior.

Choose the right scan profile depth

In Default scan profile, select the profile that matches how deep you want to test this target.

  • Use Full Scan when you want broad and deep coverage for regular security assessment.
  • Use a lighter profile when you need quicker feedback and can accept narrower coverage.
Manage scan profiles

The dropdown lists profiles defined for your account. To add a new profile, edit an existing one, or review what each profile covers, go to Scans > Scan profiles, then come back and select the profile on this target. For more on built-in options, see Default scan profiles; for creating, editing, or deleting your own, see Custom scan profiles.

If this target includes LLM features such as chat or prompt-based workflows, also review LLM-based app vulnerability testing and LLM scan verification.

Default scan profile selector on the Scan configuration tabDefault scan profile selector on the Scan configuration tab

If you change this value, click Save target configuration to apply it to upcoming scans.

Balance speed against target stability

In Scan speed, choose the request rate your target can tolerate:

  • Sequential - use for fragile targets where you need minimal concurrency.
  • Slow - use when you want low pressure on the application but better throughput than sequential mode.
  • Moderate - use for most stable environments where you want balanced speed and caution.
  • Fast - use when the target can handle high concurrency and you want the shortest runtime.

The help text under the speed selector shows the effective concurrency and throttling for the selected mode.

Scan speed selector with Sequential, Slow, Moderate, and Fast options in light modeScan speed selector with Sequential, Slow, Moderate, and Fast options in dark mode

Prevent long-running scans from overrunning your window

Set Maximum scan duration to enforce how long a single scan can run before it stops.

  • Pick hours and minutes based on your maintenance window and traffic pattern.
  • Keep the configured value below the allowed maximum shown in the UI.

Use this limit when you need scans to finish inside a strict operational window.

Maximum scan duration control showing hour and minute selectors in light modeMaximum scan duration control showing hour and minute selectors in dark mode

Troubleshooting

My scan takes too long even after I increased speed

Higher speed only controls request concurrency. Large applications, heavy authentication flows, and complex client-side routing can still extend runtime. Lower scan depth, tighten scope, or reduce maximum duration to keep scan time within your window.

I can select values but they don't apply to later scans

Changes only apply after you click Save target configuration. If the button remains disabled, confirm another required field on the page isn't in an invalid state.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?