Forum Discussion

Alick
Occasional Contributor
8 years ago

general performance issues

Hi, I've tried to run Secure against our API and it gradually loses momentum. It starts off very quick and then gradually dies.

Through the GUI I've turned off logs and that was a lot better, but eventually it just crashes on Mac OSX, so I went to the CLI using -I and -O to try and trim it down but get this:

 

ERROR [errorlog] java.lang.OutOfMemoryError: Java heap space
java.lang.OutOfMemoryError: Java heap space
java.lang.OutOfMemoryError: Java heap space

 

 

But even before that happens I get my CPU fan turned on (on Mac OSX it hit 700%, wtf.. is that right?) with requests of 600000ms and 4gb memory usage (I have a 16 gb machine, but I know RAM in the xmx can be increased, but I have my underlying OSX and a Vagrant server running so 4gb is about all I have to spare) after maybe 24000 requests, when the likes of OWASP ZAP is handling many times that, so it can't be the Vagrant server.

I CAN just use CLI switches to make every security category run separately and I suppose make each one write to another report directory? But in doing even that I'm assuming garbage collection etc. is working OK. Most of the CPU spikes seem to happen during XSS attacks, but that's only an unverified casual observation.

I've read the memory usage knowledgebase article but nothing in there helps afaik.

Also, as a side note, running through the CLI exposes a LOT of SoapUI calls failing due to invalid characters etc. in an XSS attack. Are these definitely hitting the API, or am I getting false negatives because the tool is failing to process attacks and therefore the API isn't even receiving them?

I can accept making a separate run for each test classification, but if the SoapUI element isn't even throwing tests at the API due to a failure to handle the exact kind of strings designed to cause errors, that's kinda worrying.

 
