Last updated Saturday, 3 February 2024, 22:13:02 GMT

When you scan a web application in InsightAppSec, you may find that the scan takes several hours, if not days, to run. Part of this is simply the size of your web application, but plenty of settings in your scan configuration can be adjusted to help scans complete faster.

The first setting is Info -> Enable Incremental Scanning. Incremental scanning takes the crawl map from the previous scan and only hits new or updated web pages. It uses each page's crawl signature: if the page did not exist in the previous scan, or its signature has changed, the scanner attacks it. This is especially useful when InsightAppSec is part of your CI/CD pipeline and you don't need a full scan every time a new build is created. Just be aware that you will see fewer vulnerabilities reported for the web app, because fewer pages are being scanned. It is still recommended that you run periodic full scans with incremental scanning disabled to ensure maximum visibility into the vulnerability findings.

http://docs.joyerianicaragua.com/insightappsec/scan-your-app/#scan-only-the-new-and-updated-links-since-the-last-scan

Your second option is Scan Scope -> Crawling Restrictions. This lets you explicitly exclude certain pages or directories from being crawled. For example, if you host product manuals in several languages, you don't necessarily want to attack the same pages several times over. You can explicitly allow one directory to be attacked while excluding another. In the screenshot example below, the scan is allowed to hit the /manuals/EN/ directory while every other directory under /manuals/ is excluded.

http://docs.joyerianicaragua.com/insightappsec/scan-scope/#crawling-restrictions

Another trick with crawling restrictions is telling InsightAppSec to scan only specific pages or directories. First, add the directory to Scan Config URLs under your scan scope, then specify the same target directory under Crawling Restrictions.

Optionally, add the restriction under Attack Restrictions instead, so the scan still crawls the target pages but doesn't attack them.

If you have a very large web application, an advanced approach is to create several scan configurations, each scoped to a different directory, and kick off multiple scans against the application at the same time. Be careful: every scan configuration you add multiplies the traffic sent to your web server.

http://docs.joyerianicaragua.com/insightappsec/how-to-configure-scan-scope/#scan-scope-configuration-example

Next is Authentication -> Additional Settings. You might not run into this with every web application, but sometimes the scan logs show that InsightAppSec is constantly detecting logouts. When that happens the scanner attempts to log back in, and if it keeps detecting these false session losses over and over, the scan can take a very long time to complete.

To solve this, adjust either the Session Loss Regex or the Session Loss Header Regex, depending on where the logs say the logout match was found: in the response header or in the response body.

If the issue is in the header, it is recommended that you delete the Session Loss Header Regex value and leave it blank. Then change the Session Loss Regex to something that only appears on the login form. Some examples are "Remember my email", "Forgot password?", "Remember me" and "Keep me signed in", which combine into a regex such as Remember my email|Forgot password?|Remember me|Keep me signed in.

If the issue is in the body, remove the string that is causing the false matches from the Session Loss Regex and add strings from the examples above for more accurate detection.
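The following is an added example, not code from the article or from Rapid7, that models why a badly chosen session-loss regex drags a scan out. The detection logic (header regex checked against header lines, body regex against the body, a blank header regex disabling the header check) is an assumption made for the example, not a description of InsightAppSec's implementation, and the responses and regexes are constructed:

```python
import re

# Constructed responses standing in for what the scanner sees; not captured from a real target.
AUTHENTICATED_PAGES = [
    {"headers": {"Content-Type": "text/html",
                 "Set-Cookie": "session=abc123; Path=/; HttpOnly"},
     "body": "<h1>Dashboard</h1><p>Last login: yesterday</p>"
             "<a href='/logout'>Log out</a>"},
    {"headers": {"Content-Type": "text/html",
                 "Set-Cookie": "session=abc123; Path=/; HttpOnly"},
     "body": "<h1>Orders</h1><table><tr><td>#1042</td></tr></table>"
             "<a href='/logout'>Log out</a>"},
]
LOGIN_PAGE = {
    "headers": {"Content-Type": "text/html",
                "Set-Cookie": "session=deleted; Max-Age=0"},
    "body": "<form action='/login'><input name='user'><input name='pw'>"
            "<label><input type='checkbox'>Remember me</label>"
            "<a href='/reset'>Forgot password?</a></form>",
}

# Regexes that reproduce the symptom: they match content present on every
# authenticated page, so each response looks like a logout.
WEAK_BODY_REGEX = r"log ?in|log ?out"          # hits "Last login" and the Log out link
WEAK_HEADER_REGEX = r"Set-Cookie: session="    # hits every session cookie refresh

# Regex built only from strings that appear on the login form, as the article suggests.
LOGIN_FORM_REGEX = r"Forgot password\?|Remember me|Keep me signed in"


def session_lost(resp, body_regex, header_regex=None):
    """Model of the scanner's check (an assumption of this example, not
    InsightAppSec's implementation): the session counts as lost if the header
    regex matches any header line, or the body regex matches the body.
    A blank/None header regex disables the header check."""
    if header_regex:
        header_text = "\n".join(f"{k}: {v}" for k, v in resp["headers"].items())
        if re.search(header_regex, header_text, re.IGNORECASE):
            return True
    return re.search(body_regex, resp["body"], re.IGNORECASE) is not None


def count_false_logouts(body_regex, header_regex=None):
    """How many authenticated responses a configuration wrongly flags as logged out.
    Each false flag costs the scanner a re-login, which is what drags the scan out."""
    return sum(session_lost(p, body_regex, header_regex) for p in AUTHENTICATED_PAGES)


def detects_real_logout(body_regex, header_regex=None):
    """The configuration must still recognise the genuine login page."""
    return session_lost(LOGIN_PAGE, body_regex, header_regex)


if __name__ == "__main__":
    for label, body, header in [("weak", WEAK_BODY_REGEX, WEAK_HEADER_REGEX),
                                ("login-form only", LOGIN_FORM_REGEX, None)]:
        print(f"{label}: false logouts={count_false_logouts(body, header)}, "
              f"real logout detected={detects_real_logout(body, header)}")
```

Run against the two constructed authenticated pages, the weak configuration flags both as logouts (two needless re-logins for two pages), while the login-form-only regex flags neither and still recognises the real login page. When you tune the real setting, test the candidate regex against a saved authenticated response and a saved login page in the same way before you start a long scan.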

http://docs.joyerianicaragua.com/insightappsec/authentication/#configure-additional-settings-using-regex

Next is Custom Options -> Performance, which you can tune to increase scan speed at the cost of hitting the web application harder. The two fields that matter most are Max Bandwidth and Max Concurrent Requests. Start by doubling these values and watching how your web application responds to the increased traffic. If there are no problems, keep increasing them toward the values shown in the screenshot below.

Optionally, you can also adjust URL Retry Count and Minimum Delay Between Requests, but these are much more likely to cause problems for your web application or to make the scan miss certain pages. Always work with your application developers so that you don't accidentally take the application down.
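The doubling procedure above, written out as an added example (not the article's or Rapid7's code): raise both Performance fields step by step, stop at a ceiling, and fall back to the last settings the application tolerated as soon as a reading looks bad. The starting values, the ceiling, the health thresholds and the simulated application are all constructed for the example; in practice the probe function would read error rate and latency from your load balancer, APM or the app team's monitoring after a scan at those settings:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PerfSettings:
    """The two Performance fields the article says to raise first.
    Values used below are constructed for the example, not InsightAppSec defaults."""
    max_bandwidth_kbps: int
    max_concurrent_requests: int


@dataclass(frozen=True)
class AppHealth:
    error_rate: float      # fraction of requests that timed out or returned 5xx
    p95_latency_ms: float


def is_healthy(health, max_error_rate=0.01, max_p95_ms=2000.0):
    """Thresholds are example values; agree real ones with the application owners."""
    return health.error_rate <= max_error_rate and health.p95_latency_ms <= max_p95_ms


def next_step(current, ceiling):
    """Double both fields, clamped to the ceiling."""
    return PerfSettings(
        min(current.max_bandwidth_kbps * 2, ceiling.max_bandwidth_kbps),
        min(current.max_concurrent_requests * 2, ceiling.max_concurrent_requests),
    )


def ramp_up(start, ceiling, probe, **limits):
    """Double the settings while probe() says the app copes, stop at the ceiling,
    and return the last healthy settings plus every step that was tried.
    probe(settings) -> AppHealth measured with a scan run at those settings."""
    current, history = start, []
    while True:
        candidate = next_step(current, ceiling)
        if candidate == current:            # already at the ceiling
            return current, history
        health = probe(candidate)
        history.append((candidate, health))
        if not is_healthy(health, **limits):
            return current, history         # back off to the last good values
        current = candidate


def simulated_probe(settings, capacity=20):
    """Stand-in for a real measurement. The pretend application serves up to
    `capacity` concurrent requests cleanly; beyond that latency climbs and
    requests start failing. Bandwidth is ignored by this simple model."""
    overload = max(0, settings.max_concurrent_requests - capacity)
    return AppHealth(error_rate=overload / settings.max_concurrent_requests,
                     p95_latency_ms=300.0 + 150.0 * overload)


if __name__ == "__main__":
    start = PerfSettings(max_bandwidth_kbps=1000, max_concurrent_requests=4)
    ceiling = PerfSettings(max_bandwidth_kbps=5000, max_concurrent_requests=32)
    chosen, steps = ramp_up(start, ceiling, simulated_probe)
    for s, h in steps:
        verdict = "ok" if is_healthy(h) else "too much"
        print(f"tried {s}: error_rate={h.error_rate:.1%} p95={h.p95_latency_ms:.0f}ms {verdict}")
    print("use:", chosen)
```

With the constructed application, the ramp goes 4 -> 8 -> 16 concurrent requests cleanly, the jump to 32 pushes the error rate to 37.5 percent, and the function settles on 16 concurrent requests at 4000 kbps rather than leaving the scanner at a level the application cannot sustain.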

http://docs.joyerianicaragua.com/insightappsec/custom-options/#performance

The next setting is under Custom Options -> Advanced Options -> ScanConfig -> JavaScriptEngine. This lets you change the engine used for the scan. Chrome is currently the default and uses the older crawling engine. For faster and more accurate scans, especially on modern web applications, switch this value to Chromium to benefit from Rapid7's latest crawling engine.

http://docs.joyerianicaragua.com/insightappsec/advanced-options

http://docs.joyerianicaragua.com/insightappsec/advanced-options/#Engine-version-75

Also under Advanced Options, if you don't want to scan specific file extensions, add them to DenyListExtensionList under either CrawlConfig or AttackerConfig.
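To make the two scope mechanisms on this page concrete (the crawling restrictions that allow /manuals/EN/ while excluding the rest of /manuals/, and an extension deny list like DenyListExtensionList), here is an added example that is not the article's or Rapid7's code. It applies those rules to a constructed crawl queue. The rule semantics (decode and normalise the path first, then let the most specific matching rule win) and the deny-listed extensions are assumptions of the example, not a description of how InsightAppSec evaluates its configuration:

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Rules mirroring the article's example: crawl /manuals/EN/, nothing else under /manuals/.
CRAWL_RULES = [
    ("allow", "/manuals/EN/"),
    ("deny", "/manuals/"),
]
# Constructed deny list of extensions that add crawl time but rarely add findings.
DENY_EXTENSIONS = {"pdf", "png", "jpg", "gif", "css", "woff", "woff2"}


def normalised_path(url):
    """Decode percent-encoding and collapse dot segments, so that
    /manuals/EN/%2E%2E/FR/intro.html is judged as /manuals/FR/intro.html
    rather than slipping past a naive prefix check on the raw string."""
    path = unquote(urlsplit(url).path) or "/"
    return posixpath.normpath(path)


def under(path, prefix):
    """True if path is the prefix directory itself or lies inside it."""
    prefix = prefix.rstrip("/")
    return prefix == "" or path == prefix or path.startswith(prefix + "/")


def extension(path):
    return posixpath.splitext(path)[1].lstrip(".").lower()


def decide(url, rules=CRAWL_RULES, deny_extensions=DENY_EXTENSIONS):
    """Return ('crawl' | 'skip', reason) for one URL."""
    path = normalised_path(url)
    ext = extension(path)
    if ext in deny_extensions:
        return "skip", f"extension .{ext} is on the deny list"
    best = None
    for action, prefix in rules:
        # Most specific (longest) matching prefix wins: allow /manuals/EN/ beats deny /manuals/.
        if under(path, prefix) and (best is None or len(prefix) > len(best[1])):
            best = (action, prefix)
    if best is None:
        return "crawl", "no restriction matches"
    return ("crawl" if best[0] == "allow" else "skip"), f"{best[0]} rule for {best[1]}"


def filter_crawl_queue(urls, **kwargs):
    """Keep only the URLs the scanner should spend time on."""
    return [u for u in urls if decide(u, **kwargs)[0] == "crawl"]


if __name__ == "__main__":
    # Constructed crawl queue for the example.
    queue = [
        "https://app.example.com/manuals/EN/index.html",
        "https://app.example.com/manuals/FR/index.html",
        "https://app.example.com/manuals/EN/guide.PDF?download=1",
        "https://app.example.com/manuals/EN/%2E%2E/FR/intro.html",
        "https://app.example.com/products/list.aspx",
    ]
    for url in queue:
        verdict, reason = decide(url)
        print(f"{verdict:5} {url}  ({reason})")
```

Two details in the example are worth carrying over to any real scope configuration: the extension check is case-insensitive and ignores the query string, so guide.PDF?download=1 is still skipped, and the path is decoded and normalised before the prefix rules run, so an encoded dot segment cannot pull a page outside the allowed directory back into scope.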

Optionally, if your scans are still running too slowly, you can further tune CrawlConfig and AttackerConfig under Advanced Options. More information is available at the link below.

http://docs.joyerianicaragua.com/insightappsec/common-crawling-issues/#how-can-i-increase-scan-speed

If you need to cap how long a scan runs, adjust MaxScanTimeInMinutes under CrawlConfig. This stops the scan at that time whether or not it has finished. It can cause the scan to miss directories and leave you with an incomplete picture of your web application's vulnerabilities, so use it only when absolutely necessary.

If you want faster validation scans, open the scan results and click Validate Scan in the upper right to search only for the vulnerabilities found during that scan. This has the added benefit of automatically updating a vulnerability's status if it is not found again. Just remember that this is not a full scan of your web application, so it will not find any new vulnerabilities.

http://docs.joyerianicaragua.com/insightappsec/scan-your-app/#test-vulnerability-remediation-by-re-running-a-scanv

http://docs.joyerianicaragua.com/insightappsec/test-vulnerability-remediation

There are many options for reducing the time a scan takes to run. As always, if you continue to have issues with scan time or anything else scanning-related, don't hesitate to contact Rapid7 Support for further help.