Reducing scan time

This document provides information about optimizing your Acunetix scans to reduce scan time and enhance efficiency.

Utilizing custom scan profiles

Custom scan profiles let you control the specific checks included or excluded during the scanning process. This customization helps streamline the scan by focusing only on the areas you specify.

To create and configure a custom scan profile, follow the instructions in our Custom Scans documentation. Then, follow the steps below to assign the new scan profile to your target web application and start a new scan.

How to assign a custom scan profile to a target

  1. Select Targets from the left-side menu.
  2. Select the checkbox next to the target that will be assigned the custom scan profile.

  1. Click Scan to open the Scanning Options.

  1. In the Scan Profile drop-down, select the new scan profile you created.

  1. Select a Report and Schedule according to your preferences, and enable the checkbox to confirm you are fully authorized to scan the target.
  2. Click Create Scan to start a scan using the custom scan profile.

Monitoring the average response time and scan duration

Monitoring the average response time of your scans and analyzing scan durations helps you understand if there might be a need to optimize your scan configurations or allocate resources more effectively.

How to check the average response time and scan duration

  1. Select Scans from the left-side menu.
  2. Click on the target of the scan you would like to review.

  1. On the Scan Details page within the Scan Summary tab, check the Scan duration and Average Response Time.

Scanning during off-peak hours with the Excluded Hours setting

Utilizing the Excluded Hours setting allows you to schedule scans during off-peak hours when system activity is low. Excluded Hours can help ensure that scans do not interfere with critical business processes and consequently may help reduce the scan time.

How to assign an excluded hours profile to a specific target

  1. Select Targets from the left-side menu.
  2. Click on the target that you want to use with an excluded hours profile.
  3. Scroll down to the bottom of the Target Settings page and expand the Advanced section.

  1. In the Excluded Hours Profile dropdown, select a profile from the list.

  1. Click Save to apply the changes.

All future scans of this target will now run according to the excluded hours profile you specified. For example, if you initiate a scan during the workday with the excluded hours set to 'Except working hours,' then the scan will be in 'Queued' status for the remainder of the workday and begin scanning after working hours.

TIP: If none of the pre-configured excluded hours profiles suit your situation, you can create a custom excluded hours profile and apply it to your targets. For more information, refer to the Configuring Excluded Hours documentation.

Setting Excluded Paths

Setting Excluded Paths can reduce scan times by narrowing the scan’s focus to relevant areas and avoiding unnecessary checks of known safe or irrelevant paths. By concentrating resources on critical or high-risk areas, the scan becomes faster and less resource-intensive.

There are two ways you can set excluded paths:

  1. From the Scan Details > Site Structure after a crawl or scan of the target.
  2. In the Crawling options of the Target Settings.

For instructions on how to set excluded paths using either of these options, refer to Configuring Acunetix to exclude scanning a portion of a website.

Increasing scan speed

If you have previously reduced the scan speed, and the server can handle the bigger load, follow the steps below to increase the scan speed. The default scan speed is set to Fast.

  1. Select Targets from the left-side menu.
  2. Click on the target to edit it.
  3. In the Target Information section, set the Scan Speed slider to the Fast setting.

  1. Click Save.

Retest only the fixed vulnerabilities

Retesting only fixed vulnerabilities reduces scan times by focusing on specific issues that have been addressed rather than rescanning the entire web application. This targeted approach eliminates the need for a full scan, which saves time and resources. It allows for quicker verification of fixes and avoids the processing overhead associated with a comprehensive scan.

For information on how to retest specific vulnerabilities, refer to the Retesting Vulnerabilities documentation.

« Back to the Acunetix Support Page