
Reducing scan times

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Optimizing scan times involves a continuous process of refinement. After verifying your scan coverage and investigating factors that may be contributing to longer scan times, you can refer to the sections in this document to explore various strategies that may help you shorten scan durations and enhance scan efficiency.

Reviewing the slowest pages report

The information in this report may identify endpoints that don't need to be scanned or highlight slow-loading endpoints impacting the overall scan duration. Review the slowest pages by following the steps below:

  1. Select Scans > Recent Scans from the left-side menu.
  2. Locate the scan you would like to review and click Report.
  3. Scroll down to the Technical Report section and select the Knowledge Base tab. Then select Slowest Pages.
  4. Review the list of the top 10 slowest pages seen during the scan and consider whether to exclude any of the URLs from future scans to help shorten the scan duration. Instructions for excluding URLs from scans are available in the next section of this document.

Excluding URLs from scans

The Exclude URLs with RegEx section in the scan profile allows you to exclude specific endpoints from the scan.

  1. Select Scans > New Scan from the left-side menu.
  2. In the Scan Settings, select Scope.
  3. In the Exclude URLs with RegEx section, click New RegEx Pattern and populate the new row with RegEx.

Tip: You can switch from Exclude URLs with RegEx to Include URLs with RegEx by selecting the corresponding checkbox. Make sure the Exclude option is selected to configure the scan correctly.

  4. Click Save Profile to update or create a new scan profile. Alternatively, click Launch to run a new scan with the updated settings.
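
An added example, not part of Invicti's documentation: a loose exclude pattern can drop endpoints from scan coverage that you never meant to skip, so it helps to test candidate patterns against a URL list before saving the profile. The URLs and patterns are constructed, and the unanchored, case-insensitive matching is an assumption about how the scanner applies the RegEx, so confirm it against the product's behaviour.

```python
import re

# Constructed sample data: URLs as they might appear in a crawl, plus the
# slow endpoints we actually intend to drop from the scan.
CRAWLED_URLS = [
    "https://app.example.test/reports/export?format=pdf",
    "https://app.example.test/reports/export-history",
    "https://app.example.test/calendar/2031/04",
    "https://app.example.test/calendar/2031/05",
    "https://app.example.test/account/export-keys",
    "https://app.example.test/login",
]
INTENDED = {
    "https://app.example.test/reports/export?format=pdf",
    "https://app.example.test/calendar/2031/04",
    "https://app.example.test/calendar/2031/05",
}

# Two candidate pattern sets for the same goal (both hypothetical).
BROAD = [r"export", r"calendar"]
TIGHT = [r"/reports/export\?", r"/calendar/\d{4}/\d{2}$"]


def excluded_by(patterns, urls):
    """Map each pattern to the URLs it matches.

    Assumption: patterns are applied as an unanchored, case-insensitive search.
    """
    compiled = [(p, re.compile(p, re.IGNORECASE)) for p in patterns]
    return {p: [u for u in urls if rx.search(u)] for p, rx in compiled}


def review(patterns, urls, intended):
    """Report collateral exclusions and intended URLs that remain in scope."""
    hits = excluded_by(patterns, urls)
    all_excluded = {u for matched in hits.values() for u in matched}
    return {
        "collateral": sorted(all_excluded - intended),  # lost coverage
        "missed": sorted(intended - all_excluded),      # still scanned
        "per_pattern": hits,
    }


if __name__ == "__main__":
    for name, patterns in (("broad", BROAD), ("tight", TIGHT)):
        result = review(patterns, CRAWLED_URLS, INTENDED)
        print(name, "collateral:", result["collateral"], "missed:", result["missed"])
```

Any URL listed under collateral is attack surface the scan would silently stop testing; tighten or anchor the pattern until that list is empty.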

Reviewing signature and page limits

Review the Maximum Signature Limit Exceeded and Maximum Page Limit Exceeded entries to see how many pages in your application are hitting these limits. Follow these steps to locate the information:

  1. Select Scans > Recent Scans from the left-side menu.
  2. Locate the scan you would like to review and click Report.
  3. Scroll down to the Technical Report section and select the Knowledge Base tab. Then select Out Of Scope Links.
  4. Expand Max. Signature Limit Exceeded and Max. Page Limit Exceeded to find the URLs that exceeded these limits.

When the scan is within the maximum signature and page limits, it may become slower or less efficient, and some parts of the scan might be truncated or skipped. To lower the crawling limits, follow the steps in the next section.

Lowering crawling limits

Invicti Enterprise has default limits on the number of similar types of pages it will scan. Lowering these limits can reduce scan times. You can adjust these settings in the Scan Policy section as needed.

  1. Select Policies > New Scan Policy from the left-side menu.
  2. Select Crawling.
  3. Update these fields as required, then click Save.

Remove some security checks

Some security checks count towards the total number of links, potentially inflating page limits. Turning off the Resource Finder and Static Resources security checks may decrease the scan time.

Follow these steps to turn off the resource finder and static resource security checks:

  1. Select Policies > New Scan Policy from the left-side menu.
  2. Select Security Checks.
  3. Clear the Resource Finder and Static Resources checkboxes.
  4. Click Save at the bottom of the page.

Sufficient RAM for Invicti Enterprise On-Premises agents

If you use Invicti Enterprise On-Premises agents to scan your targets, ensure that each agent has at least 4GB of dedicated RAM for optimal scan performance. More resources can positively affect scan times.

Application availability

Slow page load times, though not directly reflected as a setting or data point during the scan or in the scan results, can reveal insights into your application's performance during the scan. Check the target's resources to ensure they remain stable during the scan.

Note: Although you can adjust the Requests per Second or Connection Timeout limits, doing so won't necessarily reduce scan times. Reducing the Requests per Second, for example, could increase the overall scan duration.

To update the requests per second and connection timeout settings, follow these steps:

  1. Select Policies > New Scan Policy from the left-side menu.
  2. Select Request.
  3. Edit the Connection Timeout and Request Timeout fields. You can also adjust the slider in the Requests per Second widget.

Note: Any changes made here are at your discretion. Optimizing scan times involves a continuous process of refinement.

  4. Click Save at the bottom of the page.
