Set test execution options
Configure XBOW to run penetration testing successfully without causing server problems.
- Lightspeed users: Execution options are shown on the “Configuration check” page.
- Enterprise users: Execution options are shown on the “Target configuration” page.
Important: You cannot change the execution settings after an assessment starts.
Configure test windows
Restrict testing to specific time periods by configuring the allowed testing window.
-
In the “Allowed window” area, define when XBOW testing can run:
- Use Business hours only when you want to actively monitor test traffic and respond quickly to issues.
- Choose Off-business hours only to minimize impact in production systems with active users during business hours.
- For test environments, select Anytime to get results faster.
-
From the Timezone dropdown, select the timezone where your server is located.
When you restrict testing to a window, the assessment pauses outside that window and resumes automatically when the next window opens. For more information, see Approved hours in “Troubleshooting assessments”.
Set request rate limits
Configure the maximum number of requests per second (RPS) that XBOW sends to your application.
Use the slider in the “Rate limit” field to set an appropriate value. For guidance on choosing a starting rate, see Choosing an appropriate starting rate.
Best practice: Start with a conservative rate limit to avoid overloading your application and pausing your assessment. Have your operations team monitor application performance, then adjust the rate limit as needed for future assessments.
Set parallel or sequential testing mode
By default, XBOW runs multiple test agents concurrently. Each agent logs in to your application using the same test account.
If your server supports concurrent sessions for the test account, parallel testing allows XBOW to complete assessments faster. However, if your server does not support concurrent sessions, the assessment may fail.
If your application does not support concurrent sessions for the same user, enable Sequential mode to run one test agent at a time.
Next steps
- Lightspeed users: Run assessment
- Enterprise users: Fix configuration check problems