IBM Support

Scanning results in error "memory exceeded a predefined limit"

Technote (troubleshooting)


Attempts to run a scan in IBM Security AppScan Standard results in the error "AppScan memory requirements have exceeded a predefined limit and the scan has been stopped."


AppScan Standard version 9.0.2 and lower has a predefined memory limit set to 1,200 MB (the limit in version 9.0.3 and later is set to 2800 MB on 64-bit operating systems, and still it is set to 1,200MB for 32-bit operating systems). If the AppScan.exe process reaches or exceeds this limit, you will see the "AppScan memory requirements have exceeded a predefined limit" message.
The limit is in place to make sure AppScan Standard stays within stable operating bounds.

Resolving the problem

While it is possible to increase the memory limit value, it is NOT recommended, as it may cause further issues, with un-predicted errors. Instead of increasing the memory, you optimize the scan or minimize the memory usage as follows:

  1. Optimize the scan
    Use steps provided in the technote How to optimize large scans to minimize your scan.

  2. Disable JavaScript execution
    If AppScan Standard is hitting the limit during the test phase and the option Scan Configuration > Explore Settings > Execute JavaScript to discover URLs and dynamic content is enabled, then disable it as follows:
    1. Disable the option
    2. Save the scan
    3. Exit and reopen AppScan Standard
    4. Continue with the Test Phase

      Note: JavaScript Execute is memory intensive in nature. It is not only run in the explore stage, but if multiphase scanning is enabled (which is turned on by default), then it will execute the test responses in an effort to find more links, which in turn will cause AppScan Standard to consume more memory. Consumption is proportional to the amount of projected tests.

  3. Reduce number of Threads
    Reduce the number of testing threads to 1 (the value can be currently set from 1 to 10) under Scan Configuration > Connection > Number of Threads.

    Once modified, save the scan, then close and reopen AppScan Standard and continue with the scan. Restarting AppScan will ensure that the operating system flushes the virtual memory being used by AppScan Standard.

  4. Use CLI (AppScan Command Line Interface) instead of the desktop UI

  5. Disable desktop firewall or anti-virus
    Check if there is a personal firewall or an anti-virus application running on the same machine as AppScan Standard.
    • Desktop firewall - Try disabling the firewall to see if it changes the behavior. If not, then you may want to try uninstalling it to see if that has any impact, if that is an option.
    • Anti-virus - Try disabling the Anti-virus software to see if it changes the behavior. if not, then view the Anti-virus causing performance issues with AppScan Standard for more information.

  6. Reduce number of automatic links
    If your application contains a large number of automatic links (such as <script src=...>) or automatic links that contain large responses, this could cause an out of memory issue.

    The option for automatic links is here:  Scan Configuration >  Advanced Configuration > Tests: Follow all automatic links

  7. Other possible solutions:
    • Run the scan from a different Host - If possible, try running the scan from a different machine to see if the issue persists (on the other host also).
    • Create New Scan - Try creating a new scan to see if the memory limit can be reproduced with the new scan.
    • Enable Auto-Save - If the error persists, try re-scanning after enabling the auto-save feature to 90 minutes for a longer scan or 30 minutes for a shorter scan. To do so, go to Tools > Options > Scan Options and select Automatically save during scan.
      Note: This option may help in cleaning up temporary files in memory.


Document information

More support for: IBM Security AppScan Standard
Scan: Memory issues

Software version: 9.0,, 9.0.1,, 9.0.2,, 9.0.3,,,,,

Operating system(s): Windows

Reference #: 1283301

Modified date: 20 August 2015

Translate this page: