Duplicate Sessions in WebInspect scan results

Hi All,

I ran a basic unauthenticated scan using the Standard policy against zero.webappsecurity.com; it completed in 40 mins.

What puzzled me is that when looking at the Session Tree, almost all identified sessions are duplicated, check screenshots.

It seems that those sessions were identified/discovered through different paths, i.e. following different links.

Is this behaviour expected?

Thanks!

[Screenshot: Capture.WebInspect.Zero.Scan.Duplicate.Sessions.PNG]

--

Deyan


  • That is not the expected outcome. I compared your screen to the Sample Scan as well as running my own non-authenticated scan of Zero.

    • Do you still have these visual duplicates if you close the scan and re-open it on-screen?
    • Have you switched to Sequence View to see where these extra sessions were encountered?
    • The X-MEMO headers for each of these Sessions will indicate which engine (Crawl, Audit, Macro Run, et al) was responsible for making that individual HTTP Request. The Referrer headers may also be of interest.
    • You may need to contact Fortify Support if you continue to see this pattern with other scans (softwaresupport.softwaregrp.com).
  • Hi Hans,

    Thanks for your reply.

    Yes, I do see those duplicates after reopening the scan.

    When I checked the sequence (for the "account" session), there are 40 mins between the HTTP requests.

    The Referer HTTP header is different for the two sessions, as are the respective Session Steps; check screenshots:

    [Screenshot: Duplicate.Sessions.HTTPRequest.png] Session steps: [Screenshot: Duplicate.Sessions.SessionSteps.png]

    Should WebInspect create duplicate sessions if they are derived via different Session Steps?

    PS: Scan settings are attached.

    Thanks!

    --

    Deyan