Suite Creation Recommendations


Creating efficient and targeted test suites is critical for maximizing coverage and minimizing runtime while testing your application ecosystem. This page highlights the recommended ways to structure your suites based on the following:

  • Attack type, plugin groupings, and execution schedules

  • Number of tests and assets

These recommendations are designed to help you optimize performance, focus scans on relevant assets, and ensure continuous security improvement.

Attack Types

The following breakdown groups attacks into logical suites based on common categories and test volumes. Each suite recommendation also includes an approximate test count and a suggested scan frequency. You can use the attack selections listed below while creating a policy, and then use that policy while creating a suite. While creating the suite, you can also apply the recommended schedule. For information on how to split suites based on attack types and assets, see Number of Tests and Assets.

Suite Type: Remote Code Execution Suite

Attack Selections:

  • PHP-CGI Remote Code Execution (CVE-2024-4577)

  • Shell Shock Remote Code Execution (CVE-2014-6271)

  • Expression Language Injection

  • OS Command Injection

  • Buffer Overflow

  • Integer Overflow Error

  • Java Log4Shell (CVE-2021-44228)

Recommended Schedule: Weekly

Approximate Tests: 800,000

Suite Type: DB Attacks Suite

Attack Selections:

  • Error-Based SQL Injection

  • Blind NoSQL Injection

  • Blind SQL Injection

Recommended Schedule: Weekly

Approximate Tests: 800,000

Suite Type: XSS Attacks Suite

Attack Selections:

  • Reflected Cross-Site Scripting

Recommended Schedule: Weekly

Approximate Tests: 900,000

Suite Type: Design and Configuration Attacks Suite

Attack Selections:

  • XXE Remote File Inclusion

  • Directory Listing Leak

  • GraphQL Field Duplication Attack

  • GraphQL Alias-Based Attack

  • GraphQL Interface Protection Bypass

  • Resource Intensive GraphQL Query

  • GraphQL Batch Query Attack

  • GraphQL Interface Exposure

  • GraphQL Field Suggestion

  • GraphQL Introspection

  • HTTP Redirect

  • Server Version Disclosure

  • Cross-Domain Misconfiguration

  • XXE Local File Inclusion

Recommended Schedule: Daily

Approximate Tests: 235,000

Suite Type: Protocol Attacks Suite

Attack Selections:

  • TLS Certificate Transparency

  • BREACH

  • HEARTBLEED (CVE-2014-0160)

  • ROBOT (CVE-2017-13099)

  • TLS Certificate Wildcard

  • SSL/TLS Weak Ciphers

  • SSL/TLS Expired Certificate

  • TLS Not Implemented

  • Browser Exploit Against SSL/TLS (BEAST) (CVE-2011-3389)

  • Revoked Certificate

  • SWEET32 - Birthday attacks against TLS ciphers with 64-bit block size (CVE-2016-2183)

  • Self Signed Certificate

  • Broken Certificate Chain

  • SSL/TLS Diffie-Hellman Attack (Logjam) (CVE-2015-4000)

  • Padding Oracle on Downgraded Legacy Encryption (POODLE) (CVE-2014-3566)

  • Certificate Common Name Mismatch

  • TLS/DTLS CBC Attack (Lucky13) (CVE-2013-0169)

  • Compression Ratio Info-leak Made Easy (CRIME) (CVE-2012-4929)

  • HTTPS Content Available via HTTP

  • HTTP Redirect

  • Insecure HTTP Method

  • GET for POST

Recommended Schedule: Daily

Approximate Tests: 200,000

Suite Type: Auth and Business Attacks Suite

Attack Selections:

  • Parameter Pollution

  • Weak Password

  • Mass Assignment

  • All JWT (JSON Web Token) Category

  • Parameter Tampering

  • Server Side Request Forgery Blind

  • Unauthenticated Access

  • Multiple Versions of API

  • Broken Object Level Authorization

  • CRLF Injection

Recommended Schedule: Daily

Approximate Tests: 113,000


Number of Tests and Assets

Traceable recommends splitting a large suite into multiple smaller suites in scenarios where the number of attack types or assets (APIs) is significantly high. This helps:

  • Ensure that scans run efficiently without overutilizing resources

  • Prevent long-running scans that may result in a timeout or other connectivity issues

This section highlights the recommendations for splitting suites, enabling you to create suites efficiently based on the scale of your application testing.

You can break down suites in either of the following ways:

  • Split by Attack — Divide the attack selections into multiple sets and create a separate policy for each set. You can then use each policy in its own suite.

    For example, in the above table, if the DB Attacks Suite contains ~800,000 tests across three attack selections, you can split it into three policies, each with a single attack selection. Further, you can assign them to three separate suites. This helps distribute the tests and allows for efficient testing.

  • Split by Assets — Divide the list of APIs across multiple suites while keeping the same attack policy.

    For example, if you are testing Cross-Site Scripting on 5,000 APIs using the XSS Attacks Suite (~900,000 tests) from the above table, you can create one policy with the Reflected Cross-Site Scripting attack selection. Further, you can assign this policy to two separate suites, each covering 2,500 APIs.
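The two splitting strategies above can be planned ahead of time rather than by hand. The following Python planner is an added example and is not part of Traceable's product or documentation; it assumes a user-chosen cap on tests per suite (the page states no such cap, so 450,000 below is an illustrative value), assumes tests are spread evenly across attack selections, and uses constructed suite definitions whose counts match the table above. It splits by attack first and then splits any group that is still over the cap by assets, which generalizes the two worked examples on this page.

```python
"""Plan how to split an oversized suite into smaller suites.

Added example, not Traceable's code. The cap on tests per suite and the
even-spread assumption are illustrative choices, not values from the page.
"""
from dataclasses import dataclass
from math import ceil
from typing import List, Tuple


@dataclass
class SuiteSpec:
    name: str
    attacks: List[str]      # attack selections in the suite's policy
    approx_tests: int       # approximate total tests for this suite
    assets: List[str]       # APIs (assets) the suite targets


def split_by_attack(spec: SuiteSpec, max_tests_per_suite: int) -> List[List[str]]:
    """Group attack selections so each group's estimated test count stays
    under the cap (one policy per group). Assumes tests are spread evenly
    across attack selections, which is a simplification."""
    per_attack = spec.approx_tests / len(spec.attacks)
    groups: List[List[str]] = []
    current: List[str] = []
    current_tests = 0.0
    for attack in spec.attacks:
        if current and current_tests + per_attack > max_tests_per_suite:
            groups.append(current)
            current, current_tests = [], 0.0
        current.append(attack)
        current_tests += per_attack
    if current:
        groups.append(current)
    return groups


def split_by_assets(spec: SuiteSpec, max_tests_per_suite: int) -> List[List[str]]:
    """Keep the policy unchanged and chunk the asset list so that each
    chunk's share of the tests fits under the cap."""
    if spec.approx_tests <= max_tests_per_suite:
        return [list(spec.assets)]
    n_chunks = ceil(spec.approx_tests / max_tests_per_suite)
    chunk_size = ceil(len(spec.assets) / n_chunks)
    return [spec.assets[i:i + chunk_size]
            for i in range(0, len(spec.assets), chunk_size)]


def plan_suites(spec: SuiteSpec, max_tests_per_suite: int) -> List[Tuple[List[str], List[str]]]:
    """Return (attack selections, assets) pairs, one per suite to create.

    Splits by attack first; a single attack that still exceeds the cap
    cannot be split further by attack, so that group is split by assets."""
    per_attack = spec.approx_tests / len(spec.attacks)
    plans: List[Tuple[List[str], List[str]]] = []
    for group in split_by_attack(spec, max_tests_per_suite):
        group_spec = SuiteSpec(spec.name, group,
                               round(per_attack * len(group)), spec.assets)
        for chunk in split_by_assets(group_spec, max_tests_per_suite):
            plans.append((group, chunk))
    return plans


# Constructed sample suites; counts mirror the recommendation table above,
# asset names are placeholders.
DB_SUITE = SuiteSpec(
    name="DB Attacks Suite",
    attacks=["Error-Based SQL Injection", "Blind NoSQL Injection", "Blind SQL Injection"],
    approx_tests=800_000,
    assets=[f"/api/v1/resource{i}" for i in range(10)],
)
XSS_SUITE = SuiteSpec(
    name="XSS Attacks Suite",
    attacks=["Reflected Cross-Site Scripting"],
    approx_tests=900_000,
    assets=[f"/api/v1/endpoint{i}" for i in range(5000)],
)

if __name__ == "__main__":
    cap = 450_000  # illustrative cap, chosen for this example
    for spec in (DB_SUITE, XSS_SUITE):
        for attacks, assets in plan_suites(spec, cap):
            print(f"{spec.name}: policy {attacks} on {len(assets)} assets")
```

With the illustrative cap, the DB Attacks Suite becomes three single-attack suites covering all assets, and the XSS Attacks Suite keeps its one-attack policy but becomes two suites of 2,500 APIs each, matching the two examples above. Adjust the cap to whatever scan duration your environment tolerates; the even-spread assumption should be replaced with per-attack counts if your tooling reports them.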

For information on the steps to create a suite, see Creating a Suite.