How long does a website / web app scan take?

The time a scan takes depends on several factors and is not easy to estimate beforehand. The primary factors that determine the duration of a scan are:

  1. Number of pages on your site: scanning involves a certain number of tests per page, so the more pages you have, the more time it will take. However, the time increase is not necessarily linear because the number of tests per page also depends on a number of factors.

  2. Number of inputs (injection points) per page: the more injection points you have on a page, the more tests will be performed. Injection points are user input fields like form fields. So if you have a page with a long form, it will take more time to scan it.

  3. Performance of the server that hosts your site: if your server is slow, i.e., if it takes several seconds to load a page, it will take more time to scan your site. If, on the other hand, your hosting server has a quick response time, it will speed up the scan. The speed of the scanner is adjusted automatically based on the response time of your site. If the average response time increases, the scanner will slow down. If the average response time is stable, the scanner will increase the number of requests per second.

  4. Scan level you've chosen: a "lightning" profile scan will run much faster than a "normal" profile scan of the same site because it runs fewer checks. Read more about the scan levels here.
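
To show why server performance (factor 3) can dominate scan time, here is an added example, not the scanner's own code: a small simulation of the throttling behaviour described above. The control rule, its parameters (`tolerance`, `alpha`, the rate limits) and the two server models are assumptions made for illustration.

```python
"""Constructed model of response-time-based scan throttling (illustrative only)."""

def simulate_scan(total_requests, latency_at, start_rps=2, min_rps=1,
                  max_rps=20, tolerance=1.2, alpha=0.3):
    """Return (elapsed_seconds, final_rps) for a scan of total_requests tests.

    latency_at(rps) -> seconds is a hypothetical server model: the response
    time observed while the scanner sends `rps` requests per second.
    """
    rps = start_rps
    avg = latency_at(rps)      # exponential moving average of response time
    baseline = avg             # lowest average seen so far
    sent, elapsed = 0, 0.0
    while sent < total_requests:
        # One control interval is one second of scanning at the current rate.
        sent += min(rps, total_requests - sent)
        elapsed += 1.0
        avg = (1 - alpha) * avg + alpha * latency_at(rps)
        baseline = min(baseline, avg)
        if avg > baseline * tolerance:
            rps = max(min_rps, rps // 2)   # average rose: slow down
        else:
            rps = min(max_rps, rps + 1)    # average stable: speed up
    return elapsed, rps

def fast_server(rps):
    """Constructed model: 200 ms responses regardless of load."""
    return 0.2

def saturating_server(rps):
    """Constructed model: 500 ms responses that degrade above 5 requests/s."""
    return 0.5 + 0.4 * max(0, rps - 5)

if __name__ == "__main__":
    for name, model in (("fast", fast_server), ("saturating", saturating_server)):
        seconds, rate = simulate_scan(1000, model)
        print(f"{name:>10}: {seconds:.0f} s for 1000 tests, final rate {rate} req/s")
```

With the same 1000 tests, the stable server lets the rate climb to the cap, while the saturating server keeps forcing the rate back down, so the scan takes several times longer.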