How can I speed up a web assessment?
In many assessment scenarios, performance and speed are critical, especially when you need quick results or run assessments frequently. However, while the optimizations below speed up an assessment, each one also removes something from the scope, so coverage and accuracy go down. It is important to understand these trade-offs before enabling any of them.
Using only GET requests
Restricts the assessment to use only HTTP GET requests, skipping POST, PUT, and other methods. This reduces the overall number of requests and speeds up the assessment.
Impact:
Faster assessments. Fewer requests mean less data transfer and quicker results.
Reduced coverage. Many modern web applications rely heavily on other HTTP methods (such as POST) for logins, form submissions, or API interactions. If those methods are excluded, the assessment never exercises that functionality, so any vulnerability in it goes untested and unreported.
Please note that this is a trade-off between speed and depth. If full coverage is a priority, keep all request methods enabled.
Excluding specific HIDs
Certain HIDs represent complex or time-consuming checks. Excluding them can significantly shorten assessment times.
Impact:
Improved performance. The assessment completes faster, ideal for recurring or time-sensitive assessments.
Reduced detection. Some excluded HIDs might correspond to critical vulnerabilities. Excluding them means those vulnerabilities won’t be tested or reported.
Treat this as a customizable optimization. It is useful when you want to focus on a subset of issues (for example, the OWASP Top 10), but every excluded HID is a blind spot, so review the exclusion list against the risk areas you care about before relying on the results.
Blacklisting paths
Prevents the assessment from testing specific directories or URLs (e.g., /admin, /api, /uploads).
Impact:
Faster assessments. Large or dynamic sections of a web application can slow down assessments; skipping them improves performance.
Untested areas. Any path on the blacklist remains completely unassessed, potentially hiding critical vulnerabilities. Also check how a blacklist entry is matched (exact path, prefix, or pattern) so that an entry such as /api does not silently exclude more than you intended.
This option is appropriate when you already know certain paths are out of scope or contain heavy, irrelevant content. Use it with caution, and keep a record of what is blacklisted so the gap is visible when you read the report.
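Before enabling the GET-only or path-blacklist options described above, it helps to know exactly which endpoints they would remove. The following script is an added example, not code from the original page or from any scanner product: it takes an endpoint inventory such as you would export from a crawl, proxy log, or OpenAPI specification and reports what each optimization would skip. The sample inventory is constructed for this example, and the blacklist matching rule (whole path segments, compared case-insensitively after percent-decoding) is an assumption; check how your own scanner matches blacklist entries, because that rule decides how much coverage you lose.

```python
"""Estimate the coverage lost by 'GET only' and path-blacklist optimizations.

Added example (not part of the original page or any vendor's scanner).
Input: (method, path) pairs from a crawl, proxy log or API spec.
Output: which endpoints would be skipped, and why.
"""
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample inventory (not real data): one (method, path) per endpoint.
ENDPOINTS = [
    ("GET", "/"),
    ("GET", "/products?id=12"),
    ("POST", "/login"),
    ("POST", "/api/v1/orders"),
    ("PUT", "/api/v1/orders/12"),
    ("GET", "/api/v1/orders/12"),
    ("DELETE", "/api/v1/orders/12"),
    ("GET", "/api-docs"),
    ("GET", "/Admin/users"),
    ("GET", "/%55ploads/file.txt"),   # '%55' decodes to 'U' -> /Uploads/file.txt
    ("POST", "/uploads"),
]


def _segments(path):
    """Normalise a path for matching: drop the query string, percent-decode,
    lower-case, and split into non-empty path segments."""
    raw = urlsplit(path).path
    return [s for s in unquote(raw).lower().split("/") if s]


def path_blacklisted(path, blacklist):
    """Assumed matching rule: a blacklist entry matches when its segments equal
    a leading run of the request path's segments. '/api' therefore covers
    '/api/v1/orders' but NOT '/api-docs' (a naive prefix match would)."""
    segs = _segments(path)
    for entry in blacklist:
        entry_segs = _segments(entry)
        if entry_segs and segs[:len(entry_segs)] == entry_segs:
            return True
    return False


def overbroad_under_prefix_matching(endpoints, blacklist):
    """Paths a naive string-prefix rule would exclude but segment matching keeps.
    These are the endpoints you would silently lose if the scanner matches by
    raw prefix; review this list before trusting a blacklist entry."""
    naive = tuple(e.rstrip("/") for e in blacklist)
    return sorted({
        p for _, p in endpoints
        if p.startswith(naive) and not path_blacklisted(p, blacklist)
    })


def skipped_by_get_only(endpoints):
    """Endpoints that a GET-only assessment never sends."""
    return [(m, p) for m, p in endpoints if m.upper() != "GET"]


def coverage_report(endpoints, blacklist=(), get_only=False):
    """Split the inventory into (tested, skipped). Each skipped entry carries
    the reason: 'method' for GET-only, 'blacklist' for a path exclusion."""
    tested, skipped = [], []
    for method, path in endpoints:
        if get_only and method.upper() != "GET":
            skipped.append((method, path, "method"))
        elif path_blacklisted(path, blacklist):
            skipped.append((method, path, "blacklist"))
        else:
            tested.append((method, path))
    return tested, skipped


def summarize(skipped):
    """Count skipped endpoints per reason, e.g. {'method': 5, 'blacklist': 1}."""
    return dict(Counter(reason for _, _, reason in skipped))


if __name__ == "__main__":
    tested, skipped = coverage_report(ENDPOINTS, blacklist=["/api"], get_only=True)
    print(f"tested {len(tested)} of {len(ENDPOINTS)} endpoints; skipped: {summarize(skipped)}")
    for method, path, reason in skipped:
        print(f"  SKIP [{reason:9}] {method:6} {path}")
    print("would be lost under naive prefix matching:",
          overbroad_under_prefix_matching(ENDPOINTS, ["/api"]))
```

Run it against a real inventory before each optimized assessment and keep the skipped list next to the report; that list is the concrete answer to "what was not tested". The `/%55ploads/file.txt` entry shows why the matching rule matters in both directions: a scanner that does not decode and case-fold paths would still test it despite a `/uploads` blacklist entry, while a scanner that matches by raw prefix would drop `/api-docs` for a `/api` entry.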
Conclusion
When evaluating optimization options, always weigh them as performance versus coverage. Faster assessments are valuable, but speed should never come at the cost of missing high-risk vulnerabilities in the parts of the application you excluded.
- Use optimizations strategically, for large-scale or routine assessments
- Keep full assessments in their regular cycle to ensure full coverage
- Understand exactly what’s excluded when optimizations are applied