AppScan Enterprise v8.7 performance improvements

In March 2013, we released version 8.7 of AppScan. One of
the focus areas for that release was to improve the scalability and performance
of the enterprise components of the solution, specifically the AppScan
Enterprise Server and AppScan Enterprise Dynamic Analysis Scanner. The
Engineering team made some architecture changes, which helped dramatically improve the performance
and scalability of these components. In this blog entry, I'd like to provide an
overview of these changes and their effect.

First, the Engineering team separated the database tables
for storing information during the execution of a scan from the central AppScan
Enterprise Server database and moved those tables into a local built-in
database on the AppScan Enterprise Dynamic Analysis Scanner (DAST scan server). In previous versions of the product, the
scan server wrote data into the AppScan Enterprise Server central database
throughout the entire duration of the scan. This consumed a lot of resources on
the database server, which affected the Web UI performance and greatly limited
the number of scans you could run simultaneously on a scan server. There were
also latency concerns depending on where the scan server was located in
relation to the database server. In version 8.7, scan data is written into a
local built-in database on the scan server. Data is transferred to the central
database on the AppScan Enterprise Server only at the end of a scan (in one
batch). This improved the performance of the Web UI, enabled running more
simultaneous scans on a single scan server and addressed the latency concerns
when the scan server is located far from the database server.

See Figures 1 and 2 for a depiction of the implemented architecture
changes.

[Figure 1]

[Figure 2]

Another implementation change made by the Engineering team
was removing the old encryption mechanism for protecting data
"at-rest". When deploying v8.7, we recommend that AppScan Enterprise
administrators enable the Microsoft SQL Server Enterprise Edition (2008 and
higher) built-in mechanism for data encryption, Transparent Data Encryption
(TDE), which provides much better performance. Alternatively, administrators
could use Encrypting File System (EFS), which comes with Windows.

So here are the results of the efforts of the Engineering
team:

  • Web UI responsiveness has increased by approximately 50%
  • Scan and reporting performance has increased by approximately 50%
  • 4-5 scans can run at the same time on a single DAST scan server
  • DAST scan servers can be deployed remotely from the central AppScan Enterprise Server

We hope that the improved robustness of these
AppScan components will help enhance your overall experience with the product. 

 

*** This is a Security Bloggers Network syndicated blog from IBM Application Security Insider authored by AppSecInsider. Read the original post at: https://blog.watchfire.com/wfblog/2013/05/appscan-enterprise-v87-performance-improvements.html