There are a number of options to help you configure the actual tests to be performed by the Scanner.
Sitemap files such as robots.txt and sitemap.xml are specialized files which help search engines discover site content. The scanning engine automatically reads these files and identifies resources to be included as part of the test. Turn this option off to ignore sitemap files.
Templatised Request Cap
This option controls the number of similar requests which will be processed by the testing engine. For example, a single app may contain many URLs and forms which lead to the same location but with different request parameters.
A form may have a select drop-down with 195 countries. The parameter may not have any noticeable effect on the response after sampling it up to the "Templatised Request Cap" value. Therefore, once this threshold is reached, no further similar requests will be made. As a result, the scanning engine will run a lot faster.
Parameterized Request Cap
This option defines the total number of requests which contain the same parameter names but with different values. The option ensures that no additional requests are tested beyond the cap value.
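The following is an added example, not the Scanner's own code: a simplified model of the capping that the two options above describe, applied to the 195-country form. It assumes "similar" means the same method, host, path and set of parameter names; `template_key`, `apply_request_cap` and the `app.example` requests are hypothetical and constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit


def template_key(method, url, body=""):
    """Assumed similarity key: method, host, path and sorted parameter names."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    names = tuple(sorted({name for name, _ in pairs}))
    return (method.upper(), parts.netloc.lower(), parts.path, names)


def apply_request_cap(requests, cap):
    """Keep at most `cap` requests per key; return (kept, skipped)."""
    seen = Counter()
    kept, skipped = [], []
    for request in requests:
        key = template_key(*request)
        if seen[key] < cap:
            seen[key] += 1
            kept.append(request)
        else:
            skipped.append(request)
    return kept, skipped


def constructed_sample():
    """Constructed crawl results: one 195-option country form plus a search page."""
    form = [("POST", "https://app.example/signup", f"country=C{i:03d}&plan=free")
            for i in range(195)]
    search = [("GET", "https://app.example/search?q=a", ""),
              ("GET", "https://app.example/search?q=b", ""),
              ("GET", "https://app.example/search?q=a&page=2", "")]
    return form + search


if __name__ == "__main__":
    kept, skipped = apply_request_cap(constructed_sample(), cap=10)
    print(f"kept {len(kept)} requests, skipped {len(skipped)}")
    for method, url, body in skipped[:3]:
        print("not tested:", method, url, body)
```

The skipped list is the coverage cost of the cap: any behaviour that only occurs for a value outside the sampled set is not exercised, so a parameter whose values are known to select different code paths is a reason to raise the cap.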
The testing engine is capable of automatically discovering hidden files and folders. You can turn this behavior off with this option.
The Scanner provides a number of security test categories. All categories are included by default. You can turn off categories which should not be covered.
For example, if the application does not use a SQL database for a backend, you can turn off the SQL Injection category. This will improve the performance of the Scanner.