So you've used OWASP ZAP to scan your web application, and it's taking far too long.

Is that it, do you have to lump it or leave it?

There are actually many things you can do, but the first thing you have to do is work out why it's taking a long time.

It helps to understand how scanners like ZAP work. Typically they explore the application using a spider (also known as a crawler). This identifies all of the URLs that make up the application, all of the forms and all of the parameters. They then usually attack every parameter on every page.

The time a scan takes is therefore based on:

There will be a practical limit to the number of threads that will actually be useful – you will always be limited by the network and the amount of processing power on both the target application and the attacking machine (especially if they are the same!).

So if you have a very large application with lots of pages and parameters running on a relatively slow machine then with a default configuration any scanner will take a long time to complete! However most scanners are very configurable, so even if you do have a massive application there are lots of approaches you can use.

When investigating performance issues with ZAP I recommend running it with the UI even if you want to run it in headless mode in the end – it will allow you to see what's going on much more effectively.

The most important thing is to identify the underlying causes, and there are many possibilities, any or all of which could be the culprits:

It is worth identifying hardware and network related issues first.
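An added example, not from the original post: a rough model of why scan time grows with the pages and parameters the spider finds, and why threads beyond a practical limit stop helping. The sample URLs and the `requests_per_point` and `useful_threads` parameters are assumptions made for illustration, not ZAP settings or measurements.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of URLs a spider might report (not from the original post).
SPIDERED = [
    "https://app.example/search?q=a&page=1",
    "https://app.example/search?q=b&page=2",
    "https://app.example/item?id=1",
    "https://app.example/item?id=2",
    "https://app.example/item?id=3&ref=home",
    "https://app.example/about",
]

def injection_points(urls, dedupe=True):
    """Return the (page, parameter) pairs a scanner would attack.

    dedupe=False models attacking every parameter on every URL found;
    dedupe=True treats URLs that differ only in parameter values as one page.
    """
    if not dedupe:
        return [(u, name) for u in urls
                for name, _ in parse_qsl(urlsplit(u).query, keep_blank_values=True)]
    seen = defaultdict(set)
    for u in urls:
        parts = urlsplit(u)
        for name, _ in parse_qsl(parts.query, keep_blank_values=True):
            seen[parts.path].add(name)
    return sorted((path, name) for path, names in seen.items() for name in names)

def estimate_seconds(points, requests_per_point, latency_s, threads, useful_threads):
    """Rough scan time: total requests spread over the threads that actually help.

    useful_threads is the assumed point where the network or target saturates,
    so configuring more threads than that does not shorten the scan.
    """
    effective = max(1, min(threads, useful_threads))
    return len(points) * requests_per_point * latency_s / effective

if __name__ == "__main__":
    every = injection_points(SPIDERED, dedupe=False)
    unique = injection_points(SPIDERED)
    for threads in (5, 50, 200):
        print(threads, "threads:",
              estimate_seconds(every, 100, 0.25, threads, 10), "s for every URL,",
              estimate_seconds(unique, 100, 0.25, threads, 10), "s deduplicated")
```

Halving the number of pages and parameters to attack halves the estimate at any thread count, while raising threads past the saturation point changes nothing.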