- Support large companies and provide varied solutions related to a particular company's industry.
- A single domain consists of multiple types of workflows in different areas of the website.
- Involve a significant amount of user input.
- Include workflows with multiple required steps, such as the checkout process on an online shopping application.
These types of applications are particularly complicated for the scan engine to analyze. If you want to reduce the scan times for these types of applications, Veracode recommends you perform the following configurations:
- Create multiple application profiles for the application
- If your application contains multiple categories of application, creating multiple application profiles allows you to limit individual DynamicDS scans to one type of application and configure the scan to most efficiently analyze that type. For example, you may want to create one profile for your
After you create the application profiles, configure the Target URL and Allowed Hosts fields in each scan configuration to include the appropriate category of page. In the Exclude URLs field, enter the pages that link from the target URL but fit another category of page.
If the target URL for the application is the login page, you can use the same URL for each profile, but you must precisely configure the allowed hosts and excluded URLs.
- Audit only the highest-risk parameters
- If you are only concerned with the highest-risk parameters exposed by the application, setting the Vulnerable Parameter Auditing option to Audit only the highest risk parameters significantly reduces scan time. If you usually have this option enabled, Veracode recommends that you periodically perform a scan with the default setting of Audit Veracode-default parameters.
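A planning sketch for the multiple-profile split described above, added here as an example; it is not Veracode code and does not call any Veracode API. It assumes you already have a list of the application's pages and that categories can be told apart by path prefix; all hostnames, paths and category names are constructed. For each profile it lists the values to enter in the Target URL, Allowed Hosts and Exclude URLs fields, and it reports pages that the split would scan in every profile or in none.

```python
from urllib.parse import urlsplit

# Constructed sample input: hostnames, paths and category names are hypothetical.
TARGET_URL = "https://app.example.com/login"
CATEGORIES = {
    "storefront": ("/shop/", "/checkout/"),
    "account": ("/account/",),
    "support": ("/help/",),
}
CRAWLED = [
    "https://app.example.com/login",
    "https://app.example.com/shop/item/42",
    "https://app.example.com/checkout/payment",
    "https://app.example.com/account/settings",
    "https://app.example.com/help/faq",
    "https://app.example.com/about",
    "https://cdn.example.net/static/app.js",
]

def category_of(url, host, categories):
    """Return the category whose path prefix matches url, or None."""
    parts = urlsplit(url)
    if parts.netloc != host:
        return None
    for name, prefixes in categories.items():
        if parts.path.startswith(prefixes):
            return name
    return None

def plan_profiles(target_url, categories, crawled):
    """Build one plan per profile and report pages the split handles badly."""
    host = urlsplit(target_url).netloc
    pages = [u for u in crawled if u != target_url]
    owner = {u: category_of(u, host, categories) for u in pages}
    plans = {}
    for name in categories:
        plans[name] = {
            "target_url": target_url,   # same login page for every profile
            "allowed_hosts": [host],
            "in_scope": sorted(u for u, c in owner.items() if c == name),
            # Pages that fit another category go in Exclude URLs.
            "exclude_urls": sorted(u for u, c in owner.items() if c not in (None, name)),
        }
    off_host = sorted(u for u in pages if urlsplit(u).netloc != host)
    # On the allowed host but claimed by no category: every profile scans these.
    uncategorized = sorted(u for u in pages if owner[u] is None and u not in off_host)
    return plans, uncategorized, off_host
```

Review the two report lists before running the scans: uncategorized pages add duplicate scan time to every profile, and off-host pages are covered by no profile unless you add their host deliberately.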