The Performance tab allows you to customize the network, performance, and logging settings.
The Network Settings determine the amount of networking activity that AppSpider will generate. You can adjust these settings based on your scan speed requirements and the resources available for scanning.
Number of URL Retry Attempts
The maximum number of times AppSpider will retry a connection to a URL.
Min Delay Between Requests, ms
The minimum time in milliseconds that AppSpider will wait between sending requests to the target application. This value is inversely proportional to the speed of your scan. If you are testing a slow app, you can increase the value of this parameter so that your target app requires fewer resources to support the test.
Connection timeout, ms
The maximum amount of time in milliseconds that AppSpider will wait for the target application to respond to a request. You should increase this value if you are testing an app hosted on a server with limited resources or if you notice a high number of timeout messages in the scan logs.
Read Timeout, ms
The maximum amount of time in milliseconds that AppSpider will wait to receive the complete response to any request. Read timeouts relate to how long it takes to load pages. For example, heavy reporting platforms may take more than 60 seconds to generate a page.
Maximum Bandwidth, KB/s
The maximum rate of traffic in KB/s that an AppSpider scan will generate. You can increase this number if you are scanning during periods of low network usage in your organization, and wish to increase the scan speed.
Max Concurrent Requests (1-64)
In order to improve scan efficiency, AppSpider tries to crawl and attack several pages of the target app at the same time. This parameter determines the maximum number of concurrent requests that AppSpider will make to the target app.
All the previous parameters contribute to the performance load that will be added to the server due to the scan. You can adjust the scan activity load on the target between Light, Medium, and Heavy, which will change the other scan settings accordingly.
Web applications use cryptographic protocols like SSL and TLS to ensure that any information going to and from their servers is automatically encrypted. Both SSL and TLS have several versions denoted by version numbers such as 1.0, 1.1, and 2.0. For AppSpider to communicate with HTTPS sites, the target site, the AppSpider scan engine, and the operating system of the scan engine need to use a common protocol for encryption. If AppSpider uses a different protocol from the target, you will see "security error occurred" messages in the Traffic Log.
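As an added example (not AppSpider code or output), the Python script below can be run from the scan engine host to check which TLS versions that host and a target can agree on when the Traffic Log shows the error above. The function names, status strings, and default port are this example's own assumptions.

```python
import socket
import ssl
import warnings

# Protocol versions Python's ssl module can pin, oldest first.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: this checks protocol agreement, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        # Pinning TLS 1.0/1.1 raises a DeprecationWarning on newer Pythons.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return one status string for a single protocol version."""
    try:
        ctx = pinned_context(version)
    except ValueError:
        return "unsupported-locally"   # local OpenSSL build lacks this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"           # TCP connect failed; not a TLS problem
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ok"
    except OSError:
        # ssl.SSLError is an OSError: refused by the target or by local policy.
        return "handshake-failed"
    finally:
        raw.close()

def scan(host, port=443, timeout=5.0):
    """Map each version name to its probe status."""
    return {v.name: probe(host, port, v, timeout) for v in VERSIONS}

if __name__ == "__main__":
    import sys
    for name, status in scan(sys.argv[1]).items():
        print(f"{name:8} {status}")
```

If no version reports "ok", the scan host and the target share no protocol version, which matches the condition described above.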
AppSpider is a multithreaded application, which means it runs many tasks at once. The Sequential Scan setting causes the engine to run one task at a time. This setting is useful for support personnel troubleshooting and debugging the application.
If you enable this feature, the AppSpider scanner will automatically adjust the scan speed downward or upward based on the performance of the target. The scanner will pause the scan if the target is experiencing a Denial of Service (DoS) state.
The Performance Settings determine the amount of resources that AppSpider can consume on the system where it is running.
Max CPU Usage (%)
The share of CPU resources that AppSpider can consume before the operating system will begin to prioritize other processes that need resources.
Maximum memory ceiling(Mb)
The maximum memory that AppSpider will allow itself to take up before it shuts itself down.
Disable available memory monitoring
This setting stops AppSpider from checking if it has hit the maximum memory ceiling. AppSpider might crash if it runs out of memory.
The Logging Options determine which scan activities are logged to your system. AppSpider creates scan logs at the path
<AppSpider Data>/Scans/<Scan config name>/<Timestamp>/logs.
The Operation Log details the actions taken by AppSpider, such as crawling a link and running a specific attack.
The Traffic Log details the request and response traffic and is very helpful if debugging is required. Traffic logging is disabled by default since these logs can become very large with longer scans.