WebInspect Installation Files Query

Hi All 

Recently I have downloaded the setup files of HP WebInspect. 

I have got three folders in the download. Could you please let me know what each of these mean ?

1. HPESecurityToolkit_xx.zz

2. WebInspect_64_xx.zz

3. WebInspect_Agent_xx.zz

xx.zz is the version number. 

 

Tags:

Parents
  • Verified Answer

    1. HPESecurityToolkit_xx.zz = "WebInspect Standalone Toolkit" - This is a small collection of most but not all of the secondary tools that come inside WebInspect's Tools menu and elsewhere.  There is no license required for this installation.  This toolkit is available mostly so customers owning WebInspect and/or WebInspect Enterprise can enable their developers and other staff in-house with some of the tools that they would lack by not using WebInspect.  Most frequently this is in relation to verifying a reported defect, or in recording Workflow Macros for use by the WebInspect user later.

     

    2. WebInspect_64_xx.zz = WebInspect installer - This is the installer package for WebInspect (desktop) and/or WebInspect Enterprise Sensors.  Within its ZIP file download, you may find two smaller installers (an EXE and a MSI) and/or a single "Full Release", larger installer with "FR" as part of the file name.  The base installer is smaller, includes a call for the web installer of the .NET x.z.y prerequisite, and it may be an EXE or MSI.  The base installer is best if the user plans to use a "normal" MS SQL Server (Standard or Enterprise Edition) rather than SQL Express, or they are simply reinstalling the product where any MSSQL database connection is already installed and configured

    The larger, "Full Release" installer includes that base installer but also includes the installer for SQL Server Express.  In WebInspect 17.10 I believe it carries SQL Express 2012 SP1.  The Full Release installer is good for first-time, "green field" installations where they plan to use SQL Express, e.g. an evaluation user.  Sometimes this installer suffers from a silent SQL Express installation failure error, and the fix is to manually download and install SQL Express.  That situation is exposed by Windows Event Viewer errors that reference to file(s) on a missing E:\ drive.

     

    3. WebInspect_Agent_xx.zz - This is the free WebInspect Agent used to augment WebInspect scans.  The WI Agent is a form of the Fortify Runtime product that should be installed on the target web application server prior to testing, and it is used to communicate back to the scanner in real-time.  The exact installer you would extract from this Zip will be either one meant for Java-based servers (e.g. Tomcat, et al) or one meant for MSFT IIS .NET servers.  When present and scanned by either WebInspect (desktop) or a WIE Sensor, this combination constitutes our IAST solution, "WebInspect Real-Time", sometimes abbreviated by users as "WIRT".

    The agent provides numerous features back to the scanner in real-time, making the IAST scan much deeper and thorough than a pure black box scan.  All communication takes place within the scanning HTTP Headers, so no additional side channel or configuration is required to benefit from installing the WI Agent.  The user may want to enable Duplicate bundling inside the Aplication Settings of WebInspect, but that is simply a UI feature, not an enable/disable feature of WIRT.  Due to its feedback and lack of authentication/authorization, the WebInspect Agent is not recommended for Production systems, due to a risk of information disclosure.  It was designed for private, Test/QA networks.

  • Thanks for the detailed information. It really helped! 

Reply Children
No Data