The duration of a security test is influenced by a variety of factors. Therefore, it's quite difficult to arrive at an estimate but some of the most common factors that influence the duration of a test are:
1. Size of the website- Very large websites cause tests to run for longer because each set of attack vectors must be tested on each of the webpages.
2. High number of ports- The higher the number of ports running services exposed to the internet, the longer the duration of the tests as a larger number of checks needs to be carried out.
3. Server response time- During a security test, thousands of HTTP requests might be sent to your web server. The test duration will increase if the web server takes a considerable amount of time to respond to these requests.
4. Intrusion prevention system- Another reason for an extended duration to complete tests might be because certain intrusion prevention systems tend to block our requests with their IDS technology. We recommend whitelisting our IP so that the testing can take place more effectively.