Configure assessment types for penetration testing
Configure the estimated effort for each type of penetration testing assessment. Estimating the effort required for each assessment type enables you to manage the capacity of each sprint.
Before you begin
Role required: Ethical Hacking
About this task
Each sprint is assigned to a penetration testing request. Based on the estimated effort for the assessment type, the sprint's hours are adjusted to reflect its remaining (balance) hours.
Procedure
- Navigate to All > Application Vulnerability Response > Administration > Penetration Testing Configuration.
- Starting with v19.0 of Vulnerability Response, select Configure to display Assessment types, Application size and Estimated effort.
- Optional: Select an Assessment type record to update the fields as required or create new records.
The Application size values provide you with more options to help estimate test time and effort more accurately. You can edit the hours for these records or select New to create your own combinations.
You can modify the Assessment type and Application size values on existing penetration testing request records so that you can schedule tests to match sprint capacity. For example, if you fill out a test request, you might not see the number of sprints you configured, because some sprints are already taken for testing. If a sprint's estimated effort hours match the combination required for a test's type and size, they are not available for new requests.
You can see the sprints that are assigned to test requests in the Penetration Testing Sprints list at All > Application Vulnerability Response > Administration > Penetration Testing Configuration > Configure sprints. See Configure sprints for penetration testing for more information on configuring sprints.
The base values for Assessment type, Application size, and Estimated effort are:
Table 1. Penetration testing assessment type configuration form

| Assessment type | Application size | Estimated effort (hrs) |
|---|---|---|
| Focused Test | Small | 20 |
| Focused Test | Medium | 30 |
| Focused Test | Large | 40 |
| Focused Test | Standard | 40 |
| Re-Test | Small | 10 |
| Re-Test | Medium | 15 |
| Re-Test | Large | 20 |
| Re-Test | Standard | 20 |
| Full Penetration Test | Small | 60 |
| Full Penetration Test | Medium | 70 |
| Full Penetration Test | Large | 80 |
| Full Penetration Test | Standard | 80 |

- Select Update to save your changes or Submit for a new record.
- Prior to v19.0, select the Configure option for Configure assessment types.
- Update the values for the assessment types as required.
Base values are:
Table 2. Penetration testing assessment type configuration form

| Assessment type | Estimated effort (hrs) |
|---|---|
| Focused Test | 40 |
| Re-Test | 20 |
| Full Penetration Test | 80 |

- Save the changes.