Rate Limiting
Overview
Rate limiting allows you to control the maximum number of requests per second that Pensar’s security agent makes during penetration testing. This is useful when testing against environments with strict rate limits or limited resources.
Enabling rate limiting will significantly increase scan duration. If your environment can handle unrestricted testing, disabling rate limits is recommended for faster results.
When to Use Rate Limiting
When testing against staging or QA environments shared with other teams, rate limiting prevents resource contention.
If your API has built-in rate limiting that blocks requests, configure the agent to stay under those thresholds.
For environments with limited compute or bandwidth, throttling requests prevents overload.
Rate limiting is also appropriate when testing against production or production-like environments where stability is critical.
Configuring Rate Limits
Performance Impact
The rate limit directly affects scan duration:
Rate limiting applies to both HTTP requests and command executions during testing. The agent will wait to acquire a slot before making each request.
Recommendations
For optimal testing performance:
- Disable rate limits when possible: If your test environment can handle unrestricted traffic, leave rate limiting disabled for faster scans.
- Match your API’s limits: If your API enforces rate limits (e.g., 100 requests/minute), set the agent slightly below that threshold.
- Test during off-peak hours: Running scans during low-traffic periods allows for higher rate limits without impacting other users.
- Use dedicated test environments: Whenever possible, test against isolated environments where rate limiting isn’t necessary.
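The "match your API's limits" recommendation and the slot behaviour described under Performance Impact, worked through as an added example that is not Pensar's own code: it derives a requests-per-second setting from a per-window API limit, paces requests through evenly spaced slots on a simulated clock, and reports the minimum scan duration and the peak load in any window. The 10% headroom, the 5000-request workload and all function names are assumptions.

```python
from collections import deque


def agent_rps(api_limit, window_s, headroom=0.10):
    """Requests/second setting that stays `headroom` below an API limit of
    `api_limit` requests per `window_s` seconds (the 10% default is an assumption)."""
    return api_limit * (1.0 - headroom) / window_s


class SlotLimiter:
    """Evenly spaced slots: acquire() returns the earliest time the caller
    may send, never closer than 1/rps seconds to the previous slot."""

    def __init__(self, rps):
        self.interval = 1.0 / rps
        self.next_free = 0.0

    def acquire(self, now):
        send_at = max(now, self.next_free)   # wait if the slot is not free yet
        self.next_free = send_at + self.interval
        return send_at


def simulate(total_requests, rps, window_s):
    """Send as fast as the limiter allows on a simulated clock. Returns
    (duration in seconds, peak number of requests in any sliding window)."""
    limiter, window = SlotLimiter(rps), deque()
    peak, t = 0, 0.0
    for _ in range(total_requests):
        t = limiter.acquire(t)
        window.append(t)
        while window[0] <= t - window_s:     # drop sends older than the window
            window.popleft()
        peak = max(peak, len(window))
    return t, peak


if __name__ == "__main__":
    rps = agent_rps(100, 60)                 # the page's example: 100 requests/minute
    duration, peak = simulate(5000, rps, 60) # 5000 requests: constructed workload
    print(f"setting {rps:.2f} req/s, scan takes at least {duration / 60:.1f} min, "
          f"peak {peak} requests per 60 s window")
```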