Set test execution options

Configure XBOW to run penetration testing successfully without causing server problems.

• Lightspeed users: Options are shown on the “Configuration check” page.
• Enterprise users: Options are shown on the “Target configuration” page.

Important: You cannot change the execution settings after an assessment starts.

Configure test windows

Restrict testing to specific time periods by configuring the allowed testing window.

1. In the “Allowed window” area, define when XBOW testing can run:

   • Use Business hours only when you want to actively monitor test traffic and respond quickly to issues.
   • Choose Off-business hours only to minimize impact in production systems with active users during business hours.
   • For test environments, select Anytime to get results faster.

2. From the Timezone dropdown, select the timezone where your server is located.

Set request rate limits

Configure the maximum number of requests per second (RPS) that XBOW sends to your application.

Use the slider in the “Rate limit” field to set an appropriate value. For guidance on choosing a starting rate, see Choosing an appropriate starting rate.

Best practice: Have your operations team monitor application performance during your first assessment.

Set parallel or sequential testing mode

By default, XBOW runs multiple test agents concurrently. Each agent logs in to your application using the same test account.

If your server supports concurrent sessions for the test account, parallel testing allows XBOW to complete assessments faster. However, if your server does not support concurrent sessions, the assessment may fail.

If your application does not support concurrent sessions for the same user, enable Sequential mode to run one test agent at a time.

Next steps

• Lightspeed users: Run assessment
• Enterprise users: Fix configuration check problems