This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
k1DBLITZ
Absent Member.
Absent Member.
‎2015-05-15 21:33
8862 views

Multiple Scans Simultaneously

Jump to solution

1.) Are there any licensing restricitons that would prevent me from scanning multiple web applications simultaneously?

 

Say for example we were going through an internal app refresh and I had to perform 100+ Webinspect assessments on various internal applications.

 

2.) If the answer to number one is no, what are the hardware limitations? What are the recommendations for number of simultaneous scans that can occur at any one point in time based on hardware specs?

 

Thanks.

Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
HansEnders
Micro Focus Expert
Micro Focus Expert
‎2015-05-20 16:24

Jump to solution

WebInspect (desktop) is limited to 2 scans running at one time for the local user.  I believe that Scheduled Scans operate behind-the-scenes using the CLI, so you could probably get 3 scans running at one time with that.

 

The "problem" with the question on performance limits is that WebInspect is not a slow nor quiet tool.  It operates as fast as the selected target can respond, within the constraints of the Requestors scan settings of course.  In doing so, WebInspect will use 100% CPU across all cores and 100% RAM, although it runs at a lowered Priority and will give up RAM and CPU cycles to other apps you start.  And don't neglect your general Windows admin tricks such as free drive space, deframentation, SSD drives, NIC speeds, and Paging File management.

 

If you happen to have access to multiple WebInspect licenses, I would separate them to different physical or VM machines.  No one is more unhappy than a team of 5 users simultaneously using a single "beefy" machine to run 2 scans each and wondering why their personal performance appears so sub-standard.  LOL.

 

Besides the various ways to adjust the scan settings to teeter between "Faster" or "More Thorough" but "Not Both", the system specs for WebInspect 10.40 recommend a 64-bit Windows OS with at least one quad-core CPU (2.5+ GHz) and 8GB RAM (2+ GB/core).  I would go for 12+GB RAM and more than 1 CPU.

 

Since you may not want to sit through every scan, you will want to investigate ways to automate your work load.  Look into the WebInspect CLI options, Scheduled Scans vs. Enterprise Scans, and/or the WebInspect API.  Enterprise Scans are simply lined up series of Sheduled Scans, permitting them to run back-to-back.  Scheduled Scans alone do not work so well for series because you have to know what time to set off the following Scheduled Scan.  The CLI is detailed in the Help guide, as is the API, and both can permit you to set up a sort of Poor Man's WebInspect Enterprise.

 

Then your last ditch effort could always be our Fortify On Demand (FoD) SaaS service.  For even a short-time need, our staff can run your scans for you from HP networks.  Their vetted scan results can be downloaded and stored alongside your own on-site scans, as if you did all the work yourself.

 

 

Separate from this, WebInspect Enterprise permits one scan at a time, per attached Sensor machine.  So more Sensors means more simultaneous scans possible across the network.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

View solution in original post

Reply
Report Inappropriate Content
2 Replies
HansEnders
Micro Focus Expert
Micro Focus Expert
‎2015-05-20 16:24

Jump to solution

WebInspect (desktop) is limited to 2 scans running at one time for the local user.  I believe that Scheduled Scans operate behind-the-scenes using the CLI, so you could probably get 3 scans running at one time with that.

 

The "problem" with the question on performance limits is that WebInspect is not a slow nor quiet tool.  It operates as fast as the selected target can respond, within the constraints of the Requestors scan settings of course.  In doing so, WebInspect will use 100% CPU across all cores and 100% RAM, although it runs at a lowered Priority and will give up RAM and CPU cycles to other apps you start.  And don't neglect your general Windows admin tricks such as free drive space, deframentation, SSD drives, NIC speeds, and Paging File management.

 

If you happen to have access to multiple WebInspect licenses, I would separate them to different physical or VM machines.  No one is more unhappy than a team of 5 users simultaneously using a single "beefy" machine to run 2 scans each and wondering why their personal performance appears so sub-standard.  LOL.

 

Besides the various ways to adjust the scan settings to teeter between "Faster" or "More Thorough" but "Not Both", the system specs for WebInspect 10.40 recommend a 64-bit Windows OS with at least one quad-core CPU (2.5+ GHz) and 8GB RAM (2+ GB/core).  I would go for 12+GB RAM and more than 1 CPU.

 

Since you may not want to sit through every scan, you will want to investigate ways to automate your work load.  Look into the WebInspect CLI options, Scheduled Scans vs. Enterprise Scans, and/or the WebInspect API.  Enterprise Scans are simply lined up series of Sheduled Scans, permitting them to run back-to-back.  Scheduled Scans alone do not work so well for series because you have to know what time to set off the following Scheduled Scan.  The CLI is detailed in the Help guide, as is the API, and both can permit you to set up a sort of Poor Man's WebInspect Enterprise.

 

Then your last ditch effort could always be our Fortify On Demand (FoD) SaaS service.  For even a short-time need, our staff can run your scans for you from HP networks.  Their vetted scan results can be downloaded and stored alongside your own on-site scans, as if you did all the work yourself.

 

 

Separate from this, WebInspect Enterprise permits one scan at a time, per attached Sensor machine.  So more Sensors means more simultaneous scans possible across the network.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

View solution in original post

Reply
Report Inappropriate Content
k1DBLITZ
Absent Member.
Absent Member.
‎2015-05-20 18:17

Jump to solution

Thanks Hans, great information as always! 

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.