Test optimization

Test optimization uses intelligent test filtering to achieve faster scans with minimal loss of issue coverage. When speed is a consideration, choose between four optimization levels.

A full regular scan typically sends thousands of tests and may take hours or even days to complete. During the early stages of development, or for a quick overall evaluation of the current security posture of your product, you can use test optimization to balance between speed and issue coverage and thus get the results you need to evaluate development progress. There are three levels of optimization: Fast, Faster, and Fastest.

Our intelligent test filters are based on statistical analysis and filter out certain tests – or even specific test variants – to produce a shorter scan that identifies the more common, severe, and otherwise important vulnerabilities only. Using test optimization can greatly reduce overall scan time when fast results are more important to you than a thorough, in-depth scan. Later in the development cycle, or at specific intervals, you may decide to use the normal (full, no optimization) scan for a more complete security picture.

Test optimization is configured in DAST scan setup.

| Setting | Vulnerability coverage* | Test stage speed | Suggested use |
|---|---|---|---|
| No optimization | Maximum | Full length scan (as configured) | For security experts before major releases, compliance testing, and benchmarks, when a longer scan will not interrupt your development workflow. With this setting, all issues in the selected Test Policy are tested for. |
| Fast (default) | ~97% | Up to twice as fast | For security experts for their more frequent scans. |
| Faster | ~85% | Up to five times as fast | For DevSecOps, during ongoing evaluation. |
| Fastest | ~70% | Up to ten times as fast | For Dev and QA during initial evaluation. |

\* Compared with an equivalent, non-optimized scan, and applies to actual vulnerabilities, not informational issues.

Important: The values shown in the table above are estimates based on typical applications. The actual reduction in scan time and extent of issue coverage will vary depending on your specific application.

See also: Test Optimization FAQ