
Reduce scan times

This document is for Invicti Platform

This document outlines best practices for optimizing scans in the Invicti Platform to reduce scan duration and improve overall efficiency, including:

  • Utilizing custom scan profiles
  • Monitoring average response time and scan duration
  • Scheduling scans during off-peak hours
  • Configuring excluded paths
  • Increasing scan speed
  • Retesting only fixed vulnerabilities

Utilize custom scan profiles

Custom scan profiles let you control the specific checks included or excluded during the scanning process. This customization helps streamline the scan by focusing only on the areas you specify.

Follow the instructions in the Custom scan profile documentation to create and configure a custom scan profile. The document also contains instructions for running a scan using the custom scan profile.

Monitor the average response time and scan duration

Monitoring the average response time of your scans and analyzing scan durations helps you decide whether to optimize your scan configurations or allocate resources more effectively.

Follow these steps to review the average response time:

  1. Select Scans > All scans from the left-side menu.
  2. Click anywhere in the white space surrounding the scan entry you wish to review.
  3. On the Scan Summary tab, review the Scan duration and Average Response Time.

Average response time is a useful metric for diagnosing performance issues during scanning and ensuring scans are efficient and non-disruptive.

Scan during off-peak hours

Using the Excluded hours setting allows you to schedule scans to avoid peak business hours, ensuring they run when system activity is minimal. This helps prevent interference with critical operations and can potentially shorten overall scan durations.

Learn how to assign an excluded hours profile to a target by following the steps in the linked document.

After the profile is assigned, all future scans of this target run according to the excluded hours profile you specified. For example, if you initiate a scan during the workday with the excluded hours set to 'Except working hours,' then the scan is in 'Queued' status for the remainder of the workday and begins scanning after working hours.

Note: If the available excluded hours profiles do not meet your needs, you can create a custom profile and assign it to your targets.

Set excluded paths

Setting Excluded Paths can reduce scan times by narrowing the scan's focus to relevant areas and avoiding unnecessary reviews of known safe or irrelevant paths. By concentrating resources on critical or high-risk areas, the scan becomes faster and less resource-intensive. You can set excluded paths in the Crawling options of the Target settings.

Increase scan speed

If you have previously reduced the scan speed and the server can handle the higher load, follow these steps to increase the scan speed.

Note: The default scan speed is set to Fast.

  1. Select Targets from the left-side menu.
  2. Click the target to edit it.
  3. In the Target Information section, set the Scan Speed slider to the Fast setting.
  4. Save the target configuration.

Retest only fixed vulnerabilities

Retesting only fixed vulnerabilities reduces scan times by focusing on specific issues that have been addressed rather than rescanning the entire web application. This targeted approach eliminates the need for a full scan, which saves time and resources. It allows for quicker verification of fixes and avoids the processing overhead associated with a comprehensive scan.

For information on how to retest specific vulnerabilities, refer to the Retest vulnerabilities documentation.

