
Impacts of WAS retests

Question asked by Elvar Bodvarsson on Jan 9, 2019
Latest reply on Jan 9, 2019 by Elvar Bodvarsson

I have a rather large web site I am rescanning, trying to lower what should be scanned because I'm always hitting the time limit of 25 hours per scan.

 

In the meantime, to provide an accurate report, I'm retesting old vulnerabilities, which are mostly XSS, and I'm having issues.

 

  1. From starting a retest to it being flagged as fixed takes 5-6 hours for XSS vulnerabilities. For some other retests I have done it has taken well within 1 hour.
  2. Starting multiple retests for XSS vulnerabilities creates such an impact on the webserver that it goes down.

 

Is there some way to see what is happening during retests? They do not show up in the scan list at all.

Why is the XSS retest taking so long and why is it taking down the website?
