Looking for Best Practice for HP WebInspect Ent

Hello everyone,

We have some plans to implement it, so I am preparing documents regarding the WebInspect product. If anyone else has best practices, please share them with me.

Thanks in advance.

Top Replies

  • You will probably get more lively input on the walled-garden user forums at https://protect724.hp.com/

    Here are a few for starters, on WebInspect (desktop).

    Always perform prior analysis.

    • Load the site in your browser.  Verify the login works.  See what a 404 page looks like.  Adjust the File Not Found settings to match, if needed.
    • Run the Server Profiler, and possibly the Server Analyzer too.

    • Record your Login Macro outside of the Guided Scan Wizard, unless you are already comfortable with the features it offers.  The Guided Scan Wizard has additional features that can confuse your use and saving of the macro.
    • Make efforts to automate everything.  Don't use Manual Step-Mode just because you cannot figure out a Login Macro.  Save Workflows and Macros in the Scan wizard so you can reuse them.  Save your scan settings for reuse as well.
    • Consider appending to the Web Form Editor input file, especially if many fields show a value of "12345".
    • Double-check the HTTP Responses randomly to see if the scan was indeed logged in.
    • Use a wrench to get the WADL from the developer rather than try figuring out all the Custom Parameters on your own.
    • Use the Rescan > Vulns Only option to save time on review.
    • Find ways to use the Send As or manual XML Full export to get the results directly into the developer's work queue.  They do not want a PDF.
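    Two of the prior-analysis checks in the reply above (fingerprinting a custom "File Not Found" page so the scanner does not treat it as a real hit, and spot-checking responses to confirm the scan is still logged in) can be scripted against a proxy log or export before the scan is tuned. The helpers below are an added example written for this thread, not code from the original post or from the WebInspect product; the simple (url, status, body, headers) response shape and all sample responses are constructed assumptions, and the login-detection and soft-404 heuristics are generic rules of thumb, not anything WebInspect itself does.

```python
"""Offline pre-scan checks: soft-404 fingerprint and logged-out detection.

Added example for the thread above; the Response shape and the sample
data are constructed, not taken from WebInspect or any real site.
"""
import difflib
import re
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal stand-in for one recorded HTTP response (assumed shape)."""
    url: str
    status: int
    body: str
    headers: dict = field(default_factory=dict)


# Body patterns that usually mean "you are looking at the login page".
LOGIN_MARKERS = (
    re.compile(r'<input[^>]+type=["\']password["\']', re.I),
    re.compile(r"session (has )?expired|please (log|sign) in", re.I),
)

# Phrases commonly found on custom not-found pages served with HTTP 200.
NOT_FOUND_PHRASES = ("page not found", "not found", "does not exist", "no longer available")


def looks_logged_out(resp: Response, login_path: str = "/login") -> bool:
    """True if the response looks like the site bounced us back to login:
    a redirect whose Location points at the login path, or a body that
    carries a password field or a 'please log in' style message."""
    location = resp.headers.get("Location", "")
    if resp.status in (301, 302, 303, 307) and login_path in location:
        return True
    return any(marker.search(resp.body) for marker in LOGIN_MARKERS)


def session_audit(responses, login_path: str = "/login"):
    """Return the URLs whose responses look logged out; a non-empty list
    means the Login Macro or session tracking needs another look."""
    return [r.url for r in responses if looks_logged_out(r, login_path)]


def soft_404_signature(probe_a: Response, probe_b: Response, threshold: float = 0.8):
    """Given responses to two random, nonexistent paths, decide whether the
    site serves a custom not-found page without a 404 status.

    Returns (is_soft_404, phrase): phrase is a candidate string to put in the
    scanner's File Not Found settings so those pages are not reported as
    real content. Real 404s need no tuning, so they return (False, None).
    """
    if probe_a.status == 404 and probe_b.status == 404:
        return (False, None)
    # Two unrelated bogus paths producing near-identical bodies is the
    # signature of a generic "not found" template.
    ratio = difflib.SequenceMatcher(None, probe_a.body, probe_b.body).ratio()
    if ratio < threshold:
        return (False, None)
    text = re.sub(r"<[^>]+>", " ", probe_a.body).lower()
    for phrase in NOT_FOUND_PHRASES:
        if phrase in text:
            return (True, phrase)
    title = re.search(r"<title>(.*?)</title>", probe_a.body, re.I | re.S)
    return (True, title.group(1).strip() if title else None)


# Constructed sample data standing in for a handful of scan responses.
SAMPLE_SCAN = [
    Response("/app/home", 200, "<html><title>Home</title><p>Welcome back, alice</p></html>"),
    Response("/app/account", 302, "", {"Location": "https://example.test/login?next=/app/account"}),
    Response("/app/search?q=x", 200,
             "<html><form><input name='username'><input type='password' name='pw'></form></html>"),
]
SOFT404_A = Response("/zq8f3k1", 200,
                     "<html><title>Oops</title><h1>Page not found</h1>"
                     "<p>The page you requested could not be located on this server.</p>"
                     "<p>/zq8f3k1</p></html>")
SOFT404_B = Response("/m2x9v7p", 200,
                     "<html><title>Oops</title><h1>Page not found</h1>"
                     "<p>The page you requested could not be located on this server.</p>"
                     "<p>/m2x9v7p</p></html>")
REAL404_A = Response("/zq8f3k1", 404, "Not Found")
REAL404_B = Response("/m2x9v7p", 404, "Not Found")

if __name__ == "__main__":
    print("logged-out responses:", session_audit(SAMPLE_SCAN))
    print("custom 404 page:", soft_404_signature(SOFT404_A, SOFT404_B))
    print("real 404 page:", soft_404_signature(REAL404_A, REAL404_B))
```

    Feed `session_audit` a random sample of recorded responses rather than the whole scan; if anything but the login page itself shows up, stop and fix the macro before trusting the results. The phrase returned by `soft_404_signature` is only a starting point for the File Not Found settings; confirm it against the actual page in the browser, as the reply suggests.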