
WebInspect new patches update and version upgrade

Hi - Currently we are using WebInspect V10.1. We have received notification that 10.2 is available for us to download and use.

1. Will the version/patch update have new checks/content included in the standard policy, apart from the additional new enhanced features that are provided?
2. The frequency of the patches that HP releases? Monthly/Weekly/Fortnightly?
3. What & when is the next version to be released?
4. What is the benefit to the users of downloading and using these patch updates and version upgrades, and why is it essential to be up-to-date?


     

    1. Will the version/patch update have new checks/content included in the standard policy, apart from the additional new enhanced features that are provided?

     

    • Not in this release.  Some WebInspect releases include lots of new attack functionality or parsing improvements that enable select new attacks or checks.  WebInspect version 10.20 involved mostly new and improved capabilities around the software rather than the attacks.  It has an improved DOM/HTML5 parser which you may want, a BURP import,  GWT scanning, and Autodetection of CSRF Tokens, better than before!  Please review the Release Notes here:    https://download.hpsmartupdate.com/webinspect/


    2. The frequency of the patches that HP releases? Monthly/Weekly/Fortnightly?

     

    • Previously we released new attacks or checks via SmartUpdate immediately, as soon as our research team published them into the SecureBase.  This process was reined in a little recently so that the SmartUpdate may arrive as a quarterly package.  This brings these releases in line with the quarterly cycle of our Rulepack updates releases for Fortify SSC/SCA/Runtime.  I personally dislike this slow down, as I feel the immediate nature of the SmartUpdates is a better fit for DAST.  That being said, SmartUpdate is always available, and we will push immediate-need items such as the recent OpenSSL "Heartbleed" check.  Sadly, our competitor's blogs are still discussing how to apply a program hot fix to add that test for themselves.

     


    3. What & when is the next version to be released?

     

    • The next WebInspect release is expected in the fall of 2014, as we have shifted the cadence for both our DAST and SAST development teams to twice-annual releases.  This slows down the churn experienced with constant updating and staging release materials, and offers us a longer period to include more substantial improvements with each release.  This 10.20 release was April so I might expect October/November?

     


    4. What is the benefit to the users of downloading and using these patch updates and version upgrades, and why is it essential to be up-to-date?

     

    Please review the Release Notes at https://download.hpsmartupdate.com/webinspect/  and even at https://download.hpsmartupdate.com/wie/.  If you are not up-to-date, then what are you paying your Support and Maintenance contract for?  Our aim is to provide you with the greatest scanning technology at all times.  (Plus, Customer Support will groan audibly if you call in about an ancient version such as 6.x   :-)

     

    WebInspect 10.20 introduces Mobile scanning options to its scan wizard, for iOS and Android systems or applications.  It can scan native applications as well as scan as if it were a mobile device.

     

    The TruClient Web Macro Recorder continues to be improved for accuracy and simplicity.

     

    FIPS compatibility has been added for those clients where that encryption algorithm is required on their network machines.

     

    A new WebInspect API offers an additional method to automate WebInspect desktop scans, just as with the existing Scheduler, Enterprise Scans, or CLI (command-line interface, WI.EXE).

     

    Lastly, WebInspect 10.20 now includes both the HP LIM 3.0 (https://download.hpsmartupdate.com/lim/) and HP WebInspect Agent 10.20 (https://download.hpsmartupdate.com/webinspect/).  These replace the former HP LIM 2.0 and HP SecurityScope 4.0, respectively.  These products are now included with WebInspect for free, and the installer for the LIM is present on the WebInspect machine for use on the respective (remote) machine.  WebInspect Agent improves upon its preceding SecurityScope with a new Active Mode (for Java applications currently), doing everything previously possible in "WebInspect Real-Time" ("WIRT"), but also advising the scanner on new attack trajectories in real-time.  And WebInspect Agent also supports .NET web servers as well, just not with that extra "Active Mode" feature.

  • I'm upgrading from 10.1 to 10.2, do I need to use the WebInspect with prerequisites or just the WebInspect (327MB)?  Your help is appreciated.

  • Usually the SmartUpdate process itself does this work for you, once you enable the check box and click Download.

     

    The larger "Full Release" or "FR" installer for WebInspect comes with SQL Express 2008.  If you are merely upgrading your WebInspect, and especially if you are using full MS SQL rather than Express with your implementation, then you would only want the smaller installer.

  • Hi Hans, can we have the updated URLs for Smart updates, release-wise? We are undergoing an audit and need to provide what new updates are reflected in the tool.

  • The current URL for SmartUpdate is https://smartupdate.fortify.microfocus.com/. If you are looking to download the application, you can do this via the Support Portal: https://www.microfocus.com/en-us/support/login. Regarding What's New, you can view this on the documentation page: https://www.microfocus.com/documentation/fortify-webinspect/. Here is a link to the 22.2 version: www.microfocus.com/.../index.htm