Speed up Activa Scan


Tiago Silva

Mar 6, 2024, 7:09:14 AM
to ZAP User Group
Hi,

I've been following both this guide:

And I've managed to reduce the time of an active scan from several days to 11 hours.
Still, 11 hours is plenty more than expected.

I've adjusted and limited the context to only a few technologies. Adjusted the strength to low on all active scan rules/policies.
Limited the max alerts per rule to 10.
Increased threads per host a lot and enabled anti-CSRF tokens.

Below are the timings:
[Attached screenshots: automation_framework_timing.png, activa_scan_progress1.png, activa_scan_progress2.png]

Any idea how I can improve the performance?

Much appreciated,

Thank you,
Tiago Silva

Simon Bennetts

Mar 7, 2024, 4:25:38 AM
to ZAP User Group
Hiya Tiago,

Just looking at the first rule - Path Traversal - ZAP is making ~1,400 requests in 40 mins. That's approx one request every 1.7 seconds.
That's incredibly slow, particularly if you have configured a number of threads!

There are a variety of possible reasons, including:
  • The target is very slow
  • The network is very slow
  • Something is throttling the ZAP requests (e.g. a firewall)
  • You've accidentally set a delay on the active scan
  • You are using a script that is very slow
First I would check you haven't accidentally set the active scan delay: https://www.zaproxy.org/docs/desktop/ui/dialogs/options/ascan/#delay-when-scanning-in-milliseconds
Next up - try to use the app manually - does it take a really long time to respond?

Cheers,

Simon

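As an added example (not Simon's code and not ZAP's own), here is a small Python helper that turns the checklist and the requests-per-minute arithmetic above into a check; the live read assumes the python-owasp-zap-v2.4 client and its `ascan` option views, and the 0.3 s manual latency used in the test is an assumed value.

```python
"""Sanity checks for a slow ZAP active scan (constructed example, not ZAP's own code)."""
from dataclasses import dataclass


@dataclass
class AscanOptions:
    """The active scan options discussed in the thread, as read from ZAP."""
    delay_in_ms: int
    thread_per_host: int
    handle_anti_csrf_tokens: bool


def seconds_per_request(req_count: int, elapsed_s: float) -> float:
    """Observed pace: 1,400 requests in 40 minutes is about 1.71 s per request."""
    return elapsed_s / req_count


def expected_seconds_per_request(latency_s: float, delay_ms: int, threads: int) -> float:
    """Pace the settings predict: each thread spends latency plus delay per request."""
    return (latency_s + delay_ms / 1000.0) / threads


def diagnose(opts: AscanOptions, req_count: int, elapsed_s: float,
             manual_latency_s: float, slack: float = 5.0) -> list:
    """Return the items of the checklist above that the numbers point at."""
    findings = []
    if opts.delay_in_ms > 0:
        findings.append("delay set")  # an accidental delay slows every request
    if opts.thread_per_host < 2:
        findings.append("single thread")
    observed = seconds_per_request(req_count, elapsed_s)
    expected = expected_seconds_per_request(manual_latency_s, opts.delay_in_ms, opts.thread_per_host)
    if observed > slack * expected:
        # ZAP is far slower than target latency and thread count explain: look for
        # throttling between ZAP and the target (e.g. a firewall) or a slow script
        findings.append("throttled elsewhere")
    return findings


def options_from_zap(api_key: str, proxy: str = "http://localhost:8080") -> AscanOptions:
    """Read the live options with the python-owasp-zap-v2.4 client (assumed installed;
    imported lazily so the rest of this module runs without it)."""
    from zapv2 import ZAPv2
    zap = ZAPv2(apikey=api_key, proxies={"http": proxy, "https": proxy})
    return AscanOptions(
        delay_in_ms=int(zap.ascan.option_delay_in_ms),
        thread_per_host=int(zap.ascan.option_thread_per_host),
        handle_anti_csrf_tokens=str(zap.ascan.option_handle_anti_csrf_tokens).lower() == "true",
    )
```

With the thread's numbers (1,400 requests in 40 minutes, delay 0, many threads, a sub-second manual response) the only finding left is throttling somewhere other than ZAP's own settings.
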
Tiago Silva

Mar 7, 2024, 5:49:00 AM
to ZAP User Group
Hey Simon,

Thanks for the suggestions.

I'm using the default 0 as the delay on the active scan.
It is highly unlikely that the target or the network is slow. Both the target and the instance where the ZAP docker is installed are Oracle Cloud instances with high specs; they are also both on the same subnet, so it should not cause network issues. For example, I can transfer large files between both instances at high speeds.

The firewall is also allowing ZAP to reach the target, but I'm unsure how to check whether something is throttling it.

Yes, I've tried the app manually; it does not take long to respond. I've also tried to run the automation framework on a ZAP installed on Windows, instead of docker on a Linux instance, and I get the same timings. Even using a manual active scan, instead of the automation framework.

Thank you,
Tiago Silva