Im new to this community so I'm sorry about if my question was already discussed before.
I reported a Performance issue with out web application scans.
Within my Company we will have the following Setup:
Currently we are running MVM 7.5.7.
We have installed 2 scan engines:
1 x MVM 2200 --> only acts as a scan engine for our Website to get an "external" view of our websites
1 x MVM 3200 --> internal scanner, also acts as the scan Controller, the databse for the scan results is placed on a different server
During the Setup of our web application scans, I reported the following issues:
When starting the web application scan (e.g. a web site crawler or an OWASP Top 10 vulnerability) scan we noticed, that the engine will send a lot of requests against the web application in the beginning. So far so good. After some time we noticed that no requests will be send to the web application any more (the traffic will not be blocked by an IPS, we have created certain exception rules on the IPS and also checked if the traffic will be blocked somewhere else)
The scan "runs" till he reaches the timeout. Also within the current Status of the scan no new log Information will be displayed.
I played a bit around with the scan options without any success.
I used the following Settings:
Scrollbar set to normal
Save Vulnerability Data: vulnerable only
Maximum time to assess each host: 360 minutes
max failed auth attemps: 100
max Response size: 500
request timeout: 10
inter request delay: 200
max Directory depth: 20
determine URL uniqueness: use Parameters with alphabetic values
determine form uniqueness: ignore all Parameter values
Hope you can help me a bit further with my Performance issue.
Thanks for your help in advance!