Scanning results in error "memory exceeded a predefined limit"

Technote (troubleshooting)


Problem(Abstract)

Attempts to run IBM Security AppScan Standard results in the error "AppScan memory requirements have exceeded a predefined limit and the scan has been stopped".

Symptom

The full error message is:

AppScan memory requirements have exceeded a predefined limit and the scan has been stopped. It is recommended that you save the scan at this point. If problems persist, please contact your support provider.


Cause

AppScan Standard version 8.5 (and lower) has a predefined memory limit of 800 MB, and version 8.6 (and higher) has the limit set to 1,200 MB. If the AppScan.exe process reaches or exceeds this limit, you will see the "AppScan memory requirements have exceeded a predefined limit" message.

The limit is in place to make sure AppScan Standard stays within stable operating bounds.

Resolving the problem

While it is possible to increase the memory limit value, it is NOT recommended, as it may cause further issues, with unpredicted errors. Instead of increasing the memory, you optimize the scan or minimize the memory usage as follows:

  1. Optimize the scan

    Use steps provided in the technote How to optimize large scans to minimize your scan.

  2. Disable JavaScript execution

    If AppScan Standard is hitting the limit during the test phase and the option Scan Configuration > Explore Settings > Execute JavaScript to discover URLs and dynamic content is enabled, then disable it as follows:
    1. Disable the option
    2. Save the scan
    3. Exit and reopen AppScan Standard
    4. Continue with the Test Phase

      Note: JavaScript Execute is memory intensive in nature. It is not only run in the explore stage, but if multiphase scanning is enabled (which is turned on by default), then it will execute the test responses in an effort to find more links, which in turn will cause AppScan Standard to consume more memory. Consumption is proportional to the amount of projected tests.

  3. Reduce number of Threads

    Reduce the number of testing threads to 1 (the value can be currently set from 1 to 10) under Scan Configuration > Connection > Number of Threads.

    Once modified, save the scan, then close and reopen AppScan Standard and continue with the scan. Restarting AppScan will ensure that the operating system flushes the virtual memory being used by AppScan Standard.

  4. Excessive memory usage

    If having AppScan Standard 8.5 or earlier, use the steps in technote AppScan Standard crashes due to excessive memory usage, to have AppScan Standard restart automatically once it reaches the memory limit.

  5. Use CLI (AppScan Command Line Interface) instead of GUI

  6. Disable desktop firewall or anti-virus

    Check if there is a personal firewall or an anti-virus application running on the same machine as AppScan Standard.
    • Desktop firewall - Try disabling the firewall to see if it changes the behavior. If not, then you may want to try uninstalling it to see if that has any impact, if that is an option.
    • Anti-virus - Try disabling the Anti-virus software to see if it changes the behavior. if not, then view the Anti-virus causing performance issues with AppScan Standard for more information.

  7. Large number of automatic links

    If your application contains a large number of automatic links (such as <script src=...>) or automatic links that contain large responses, this could cause an out of memory issue.

    The option for automatic links is here:  Scan Configuration >  Advanced Configuration > Tests: Follow all automatic links

  8. Other possible solutions:
    • Run Scan from different Host - If possible, try running the scan from a different machine to see if the issue persists (on the other host also).
    • Create New Scan - Try creating a new scan to see if the memory limit can be reproduced with the new scan.
    • Enable Auto-Save - If the error persists, try re-scanning after enabling the auto-save feature to 90 minutes for a longer scan or 30 minutes for a shorter scan. To do so, go to Tools > Options > Scan Options and select Automatically save during scan.

      Note: This option may help in cleaning up temporary files in memory.

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security AppScan Standard
Performance

Software version:

8.0, 8.5, 8.6.0.0, 8.7, 8.8

Operating system(s):

Windows

Reference #:

1283301

Modified date:

2014-06-17

Translate my page

Machine Translation

Content navigation