The Performance tab allows you to customize the network, performance, and logging settings.

Network Settings

The Network Settings determine the amount of networking activity that AppSpider will generate. You can adjust these settings based on your scan speed requirements and the resources available for scanning.



Number of URL Retry Attempts

The maximum number of times AppSpider will retry a connection to a URL.

Min Delay Between Requests, ms

The minimum time in milliseconds that AppSpider will wait between sending requests to the target application. This value is inversely proportional to the speed of your scan. If you are testing a slow app, you can increase the value of this parameter so that your target app requires fewer resources to support the test.

The default value of this property is 25ms. For light server loads, we recommend increasing the value to 200ms.

Connection timeout, ms

The maximum amount of time in milliseconds that AppSpider will wait for the target application to respond to a request. You should increase this value if you are testing an app hosted on a server with limited resources or noticing a high number of timeout messages in the scan logs.

The default value is 60,000ms (60 seconds).

Read Timeout, ms

The maximum amount of time in milliseconds that AppSpider will wait to receive the complete response to any request. Read timeouts relate to how long it takes to load pages. For example, heavy reporting platforms may exceed 60 seconds to generate the page.

The default value is 60,000ms (60 seconds).

Maximum Bandwidth, KB/s

The maximum rate of traffic in KB/s that an AppSpider scan will generate. You can increase this number if you are scanning during periods of low network usage in your organization, and wish to increase the scan speed.

The default value is 1,200 KB/s.

Max Concurrent Requests (1-64)

In order to improve scan efficiency, AppSpider tries to crawl and attack several pages of the target app at the same time. This parameter determines the maximum number of concurrent requests that AppSpider will make to the target app.

This parameter can have a maximum value of 64. The default value is 16.

Server Load

All the previous parameters contribute to the performance load that will be added to the server due to the scan. You can adjust the scan activity load on the target between Light, Medium, and Heavy, which will change the other scan settings accordingly.

Secure Protocols

Web applications use cryptographic protocols like SSL and TLS to ensure that any information going to and from their servers is automatically encrypted. Both SSL and TLS have several versions denoted by version numbers such as 1.0, 1.1, and 2.0. For AppSpider to communicate with HTTPS sites, the target site, the AppSpider scan engine, and the operating system of the scan engine need to use a common protocol for encryption. If AppSpider uses a different protocol from the target, you will see “security error occurred" messages in the Traffic Log.

You can use the SSL Protocol field to set the cryptographic protocol used by AppSpider. The options are:
* SSL2|SSL3 - SSL 2.0 and SSL 3.0
* SSL3|TLS1 - SSL 3.0 and TLS 1.0
* TLS11|TLS12 - TLS 1.1 and TLS 1.2

For any other combinations of protocols, you will have to modify the NetworkSettingsConfig.SecureProtocols property in the Advanced Options screen.

Sequential Scan

AppSpider is a multithreaded application, which means it runs many tasks at once. The Sequential Scan setting causes the engine to run one task at a time. This setting is useful for support personnel troubleshooting and debugging the application.

Anti DoS

If you enable this feature, the AppSpider scanner will automatically adjust the scan speed downward or upward based on the performance of the target. The scanner will pause the scan if the target is experiencing a Denial of Service (DoS) state.
Anti DoS will only slow your scan if it detects a problem, unlike delay between requests and the other performance options which will almost guarantee that your scan is slowed. So this should be the first thing to try before tuning down performance.

Performance Settings

The Performance Settings determine the amount of resources that AppSpider can consume on the system where it is running.



Max CPU Usage (%)

The share of CPU resources that AppSpider can consume before the operating system will begin to prioritize other processes that need resources.

Maximum memory ceiling(Mb)

The maximum memory that AppSpider will allow itself to take up before it shuts itself down.

Disable available memory monitoring

This setting stops AppSpider from checking if it has hit the maximum memory ceiling. AppSpider might crash if it runs out of memory.

Logging Options

The Logging Options determine which scan activities are logged to your system. AppSpider creates scan logs at the path <AppSpider Data>/Scans/<Scan config name>/<Timestamp>/logs.



Operation log

The Operation Log details the actions taken by AppSpider, such as crawling a link and running a specific attack.

Traffic log

The Traffic Log details the request and response traffic and is very helpful if debugging is required. Traffic logging is disabled by default since these logs can become very large with longer scans.