Test Optimization view

Test Optimization uses AppScan’s intelligent test filtering to achive faster scans, when speed is needed, with minimal loss of issue coverage. You choose between four optimization levels depending on your needs.

A full regular AppScan Standard scan typically sends thousands of tests and may take hours, in some cases days, to complete. During the early stages of development, or for a quick overall evaluation of the current security posture of your product, you can use Test Optimization to get the results you need in a shorter time frame, by choosing a balance between speed and issue coverage. There are three levels of optimization, and the table below shows some suggested use case for each level.

Our intelligent test filters are based on statistical analysis, and filter out certain tests – or even specific test variants – to produce a shorter scan that identifies the more common, severe and otherwise important vulnerabilities only. AppScan fix packs and ifixes keep you up-to-date with the latest optimization filters. Using Test Optimization can greatly reduce overall scan time when fast results are more important to you than a thorough, in-depth scan.

Test Optimization is applied to whichever Test Policy you select for the scan, so not all tests in the policy are sent. Note that the optimization setting makes no difference to the Explore stage, it is the (much longer) Test stage that can be greatly reduced.

Setting Vulnerabillity coverage* Test stage speed Suggested use
No optimization Maximum Full length scan (as configured) For security experts before a major releases, compliance testing, and benchmarks, when a longer scan will not interrupt your development workflow. With this setting all issues in the selected Test Policy are tested for.
Fast (default) ~97% Up to twice as fast For security experts for their more frequent scans.
Faster ~85% Up to five times as fast For DevSecOps, during ongoing evaluation.
Fastest ~70% Up to ten times as fast For Dev and QA during initial evaluation.
* Compared with an equivalent, non-optimized scan, and applies to actual Vulnerabilities, not Informational Issues.
Important: The values shown in the table above are estimates based on some typical applications, but the actual reduction in scan time and extent of issue coverage will vary depending on your specific application.
Tip: If optimization is applied, some of the vulnerabilities in your selected Test Policy may not be tested for. Therefore, if you are using the "Complete" Test Policy, and want all its tests to be sent, you should disable Test Optimization by selecting No optimization.

See also: Understanding Test Optimization