Showing results for 
Search instead for 
Did you mean: 
Level 7

MVM - Performance issues with web application scans

Hi everybody,

Im new to this community so I'm sorry about if my question was already discussed before.

I reported a Performance issue with out web application scans.

Within my Company we will have the following Setup:

Currently we are running MVM 7.5.7.

We have installed 2 scan engines:

1 x MVM 2200 --> only acts as a scan engine for our Website to get an "external" view of our websites

1 x MVM 3200 --> internal scanner, also acts as the scan Controller, the databse for the scan results is placed on a different server

During the Setup of our web application scans, I reported the following issues:

When starting the web application scan (e.g. a web site crawler or an OWASP Top 10 vulnerability) scan we noticed, that the engine will send a lot of requests against the web application in the beginning. So far so good. After some time we noticed that no requests will be send to the web application any more (the traffic will not be blocked by an IPS, we have created certain exception rules on the IPS and also checked if the traffic will be blocked somewhere else)

The scan "runs" till he reaches the timeout. Also within the current Status of the scan no new log Information will be displayed.

I played a bit around with the scan options without any success.

I used the following Settings:

Scrollbar set to normal

Save Vulnerability Data: vulnerable only

Maximum time to assess each host: 360 minutes

max failed auth attemps: 100

max Response size: 500

request timeout: 10

inter request delay: 200

max Directory depth: 20

thoroughness: exhaustive

determine URL uniqueness: use Parameters with alphabetic values

determine form uniqueness: ignore all Parameter values

Hope you can help me a bit further with my Performance issue.

Thanks for your help in advance!

Best Regards,


0 Kudos