Best Practices
Learn how to use BLACKBIRD to get the most out of it and avoid common pitfalls that may limit what you get from it.
Below is a list of best practices we recommend you follow to avoid common pitfalls that may limit what you get out of BLACKBIRD.
Global Configuration
Delay parameter
Almost all of our pentesting tools are multi-threaded. Many requests arriving in a short window makes the scanners more likely to be detected by Web Application Firewalls (WAFs) and other security rules configured by your target.
For this reason, we recommend setting the delay to at least 100 ms. This ensures that the scanner waits 0.1 seconds between subsequent HTTP requests. Raise it further if the target starts rate-limiting (for example, answering with HTTP 429) or blocking the scanner.
Timeout parameter
Make sure you adjust the HTTP request timeout parameter to match your target's response time. The default timeout is 7000 ms (7 seconds); we recommend raising the value to 8500 ms. Note the trade-off: too short a timeout marks slow but reachable endpoints as failed, while a longer timeout lets a stalled request hold a thread for longer, so scans will take longer to finish.
Headless web browser
Advanced features such as the headless web browser take more time to finish.
If you want faster scans, turn off the headless web browser option; results come back at a much quicker rate. Turn it back on for scans where content is only reachable after client-side JavaScript runs, which is what a headless browser is for.
Threads
Threads represent concurrent execution paths that allow multiple HTTP connections to be processed simultaneously. When configuring the number of threads for scanning, you are effectively setting how many parallel HTTP requests a tool can maintain at once.
A higher thread count typically increases scanning speed by allowing more simultaneous connections, but it can also overwhelm the target server and, as noted under the delay parameter, makes the scan easier to detect. Consider starting with a moderate number of threads (e.g., 10-20) and adjust based on your target's response characteristics.
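The following is an added example, not BLACKBIRD's own code, showing how the delay, timeout and thread settings described above interact in a small multi-threaded HTTP scanner harness. It assumes a hypothetical design in which the delay is enforced globally across all threads (a shared `Pacer` hands out dispatch slots at least `delay_s` apart, so the request rate is capped at one request per delay no matter how many workers run), every request carries a socket timeout so a stalled target cannot hold a worker forever, and a constructed loopback HTTP server plays the target. The class, function and path names (`Pacer`, `fetch`, `scan`, `_Target`, `/slow?ms=600`) are all invented for the example.

```python
# Added example, not BLACKBIRD code: a multi-threaded HTTP scanner harness that
# shows how a global inter-request delay, a per-request timeout and a thread
# pool interact. A loopback HTTP server (constructed here) stands in for the target.
import socket
import threading
import time
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse


class Pacer:
    """Hand out dispatch slots spaced at least delay_s apart, shared by all threads.

    A per-thread sleep would still let N threads send N requests every delay_s;
    reserving slots under one lock caps the whole scanner at 1/delay_s requests."""

    def __init__(self, delay_s):
        self.delay_s = delay_s
        self._lock = threading.Lock()
        self._next_slot = time.monotonic()

    def wait(self):
        # Reserve the next slot under the lock, then sleep until it arrives.
        with self._lock:
            slot = max(self._next_slot, time.monotonic())
            self._next_slot = slot + self.delay_s
        time.sleep(max(0.0, slot - time.monotonic()))
        return slot


def fetch(url, timeout_s):
    """Probe one URL. Returns (label, seconds); label is the HTTP status,
    'timeout' or 'error', so a stalled target releases the worker after timeout_s."""
    t0 = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout_s) as resp:
            resp.read()
            label = str(resp.status)
    except urllib.error.HTTPError as exc:        # 4xx/5xx is still an answer
        label = str(exc.code)
    except (socket.timeout, TimeoutError):       # read stalled past timeout_s
        label = "timeout"
    except urllib.error.URLError as exc:         # connect-phase failures
        label = "timeout" if isinstance(exc.reason, (socket.timeout, TimeoutError)) else "error"
    return label, time.monotonic() - t0


def scan(urls, threads, delay_s, timeout_s):
    """Run the probes on `threads` workers; the shared Pacer caps the overall rate."""
    pacer = Pacer(delay_s)

    def probe(url):
        pacer.wait()
        label, seconds = fetch(url, timeout_s)
        return url, label, seconds

    with ThreadPoolExecutor(max_workers=threads) as pool:
        return list(pool.map(probe, urls))


class _Target(BaseHTTPRequestHandler):
    """Constructed stand-in target: any path answers 200; ?ms=N delays the answer."""

    def do_GET(self):
        delay_ms = int(parse_qs(urlparse(self.path).query).get("ms", ["0"])[0])
        time.sleep(delay_ms / 1000)
        try:
            self.send_response(200)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"ok")
        except (BrokenPipeError, ConnectionResetError):
            pass  # the client already gave up (timed out)

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_target():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _Target)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def demo(threads=5, delay_s=0.05, timeout_s=0.3):
    """Eight fast paths plus one that answers after 600 ms, i.e. past the timeout."""
    srv, base = start_target()
    urls = ["%s/path%d" % (base, i) for i in range(8)] + [base + "/slow?ms=600"]
    t0 = time.monotonic()
    try:
        results = scan(urls, threads, delay_s, timeout_s)
    finally:
        srv.shutdown()
        srv.server_close()
    return results, time.monotonic() - t0


if __name__ == "__main__":
    results, elapsed = demo()
    for url, label, seconds in results:
        print("%-40s %-8s %.2fs" % (url, label, seconds))
    print("total %.2fs for %d requests" % (elapsed, len(results)))
```

Running the block dispatches the nine probes no faster than one per 50 ms even though five workers are available, and the slow endpoint comes back labelled `timeout` after roughly 300 ms instead of occupying its worker for the full 600 ms. Lowering `delay_s` or raising `threads` speeds the scan up and makes the burst easier for a WAF to spot; raising `timeout_s` lets slow endpoints answer but stretches the run.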