Loading session takes a LONG time
480 views
Skip to first unread message
Nicole Errante
Nov 11, 2021, 1:31:54 PM11/11/21
to OWASP ZAP User Group
Hi all,
I know my session file is huge because of the size of our application and the full scanning i'm doing. But is there an average time it should take to load - mine takes over an hour (sometimes it even hangs up but with no errors in the log). I don't know if I'm just trying to do too much on this machine or what, but if you have any advice I would be glad to hear it.
Nicole
I know my session file is huge because of the size of our application and the full scanning i'm doing. But is there an average time it should take to load - mine takes over an hour (sometimes it even hangs up but with no errors in the log). I don't know if I'm just trying to do too much on this machine or what, but if you have any advice I would be glad to hear it.
Was thinking maybe I should not try to have the scan results for the entire app in one session - meaning only scan part of the sites tree per each new session (using a copy of the same session pre-scan as base).
Anyhow, this is going to become unsustainable unless I can figure something out so any tips/tricks on getting the session to load faster is appreciated.
Nicole
kingthorin+owaspzap
Nov 11, 2021, 2:25:39 PM11/11/21
to OWASP ZAP User Group
This is a known issue. Sadly we've not had anyone volunteer saved sessions to use in debugging it.
There are a few suggestions in the issue and responses that might help you.
Nicole Errante
Nov 11, 2021, 2:39:01 PM11/11/21
to zaprox...@googlegroups.com
Honestly, knowing it isn't just me is comforting! Thanks for the link to the issue, I will take a look at that for some ideas!
--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/GrlsmM5LpvU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/357e854c-9f10-4732-a207-4151d6669c05n%40googlegroups.com.
Nicole Errante
Nov 15, 2021, 1:50:51 PM11/15/21
to OWASP ZAP User Group
Follow up question on this. I'm trying to figure out how to proceed with having a very large application and even larger session.
Is there a way to load the sites tree that maintains the original calls OTHER than persisting the session? I know you can export and import URLs via text file but that loses all the inputs. Spidering (even ajax) doesn't work well with my application so I had to hand navigate through it and I use input vector scripts as well. So not losing that information in the site tree is important...but I don't know how else to load that without just persisting and loading the session. I'm hoping there is a secret I don't know about. (We don't have an API either)
Simon Bennetts
Nov 16, 2021, 4:05:48 AM11/16/21
to OWASP ZAP User Group
What have you got available? :)
I dont recommend using a persisted session unless theres absolutely no alternative - if and when the application changes then this session will gradually go out of date.
Regression tests are an ideal option, if you have them.
The following Deep Dive videos cover all of the options in detail:
Nicole Errante
Nov 17, 2021, 5:30:59 PM11/17/21
to OWASP ZAP User Group
Thanks Simon. That is good to know. I do have some GUI regression tests we could use. That gives me a good place to re-think this.
Reply all
Reply to author
Forward
0 new messages