As part of the WAS options profile, you can define how the scan handles network and application errors. This is defined in the Behaviour Settings under Scan Parameters. There are two settings that you can modify: Timeout Error Threshold and Unexpected Error Threshold. This document explains what each setting does and what its values mean.
Timeout Error Threshold
When scanning a web application, the WAS scan engine has two timers running for each connection that is made. The first timer is a network-level timeout, which is how long the scanner will wait for the TCP connection to be made to the server. This value is 60 seconds. The second timer is for the total amount of time the scanner will wait for the HTTP request to complete. This value is 300 seconds. If either one of these timeout values is reached, the Timeout Error count is incremented.
Once the count has reached the threshold value, the scan will stop and results up to that point will be reported. The default timeout threshold is 100.
Unexpected Error Threshold
An unexpected error is any one of the following events: the scanner receives an error in the SSL/TLS handshake; the network connection is broken at any time (for example, the scanner receives a TCP RST packet); or the scanner does not receive any response to a request it has made. Any of these errors will cause the Unexpected Error count to increase. Note that 4xx and 5xx responses returned by the web application do not count as unexpected errors.
Once the count has reached the threshold value, the scan will stop and results up to that point will be reported. The default unexpected error threshold is 300.
You can find which links caused timeouts or unexpected errors by inspecting QID 150018 in the scan report. The title of this QID is "Connection Error Occurred During Web Application Scan".
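The counting rules described above can be modeled to see where a scan would stop. This is an added example, not Qualys code: the `Outcome` record, the failure labels and the sample data are hypothetical, and it assumes a request that reaches either timer is counted only as a timeout.

```python
from dataclasses import dataclass
from typing import Optional

CONNECT_TIMEOUT_S = 60    # network-level (TCP connect) timer, from the text
REQUEST_TIMEOUT_S = 300   # total HTTP request timer, from the text
UNEXPECTED = {"tls_handshake", "connection_broken", "no_response"}

@dataclass
class Outcome:            # hypothetical record of one scanner request
    url: str
    connect_s: float
    total_s: float
    failure: Optional[str] = None   # one of UNEXPECTED, or None
    status: Optional[int] = None    # HTTP status if a response arrived

def classify(o: Outcome) -> str:
    # Assumption: a request that reaches either timer counts as a timeout only.
    if o.connect_s >= CONNECT_TIMEOUT_S or o.total_s >= REQUEST_TIMEOUT_S:
        return "timeout"
    if o.failure in UNEXPECTED:
        return "unexpected"
    return "ok"           # any HTTP response, including 4xx and 5xx

def replay(outcomes, timeout_threshold=100, unexpected_threshold=300):
    limits = {"timeout": timeout_threshold, "unexpected": unexpected_threshold}
    counts = {"timeout": 0, "unexpected": 0, "ok": 0}
    flagged = []          # links of the kind the text says QID 150018 reports
    for n, o in enumerate(outcomes, start=1):
        kind = classify(o)
        counts[kind] += 1
        if kind != "ok":
            flagged.append((o.url, kind))
            if counts[kind] >= limits[kind]:   # threshold reached: scan stops
                return {"stopped_at": n, "reason": kind, "counts": counts, "flagged": flagged}
    return {"stopped_at": None, "reason": None, "counts": counts, "flagged": flagged}

# Constructed sample outcomes (not real scan data).
SAMPLE = [
    Outcome("/login", 0.2, 1.1, status=200),
    Outcome("/api/export", 0.3, 300.0),
    Outcome("/admin", 0.1, 0.4, status=403),
    Outcome("/old", 0.1, 0.2, failure="connection_broken"),
    Outcome("/slow", 60.0, 60.0),
    Outcome("/err", 0.2, 0.9, status=500),
    Outcome("/tls", 0.1, 0.1, failure="tls_handshake"),
    Outcome("/report", 0.2, 300.0),
    Outcome("/health", 0.1, 0.3, status=200),
]

if __name__ == "__main__":
    print(replay(SAMPLE, timeout_threshold=3, unexpected_threshold=3))
```

With the thresholds lowered to 3 for illustration, the replay stops at the eighth request on the timeout count; with the default thresholds all nine requests are processed.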