I can find the SQL Injection manually but WebInspect doesn't report SQL Injection vulnerability in the same UI.
It is a search box. When I input 1 or 1 = 1 and click search, it response a valid data. I used WebInspect to scan with Standard policy and also scanned again with SQL Injection policy, it doesn't report SQL Injection vulnerability. Could anyone let me know why this happens? Is there any configuration I should update? Thanks a lot.