CAPTCHA in website
My first page is a login name + password & a CAPTCHA.
How can I do a scan on this?
Any doc or step I can follow?
You have a few options:
1) Record Web Form Values and mark the CAPTCHA input as 'interactive' and use that WebFormValuesFile for your scan, that way you'll be prompted for the value when it's necessary. Means you need to "baby-sit" the scan.
2) Check the 'Prompt for web form values during scan (interactive mode)' checkbox and NOT use a WebFormValuesFile for your scan, that way you'll be prompted to input a value (or skip the form) for any forms encountered during the scan. When scanning in Interactive Mode, if you get a blank screen in the Web Form Value Input Dialog, press the skip button.
4) Have developers turn off/bypass CAPTCHA functionality for the IP you are scanning from. Pretty crude way to deal with it, but this is often done for performance testing. Of course, you won't be testing the CAPTCHA functionality in terms of security by doing this.
In terms of reading material, you could Read The Manual, read official training course material, and search this forum for 'CAPTCHA'.
I tried with the options mentioned, made the field interactive, and read from a file. But the script never stopped and did not ask me to enter the CAPTCHA interactively. Does any other setting need to be updated?
I have a trial license.
Make sure the field name is correct as mentioned in the user guide - https://www.microfocus.com/documentation/fortify-webinspect/2010/WI_Help_20.1.0/index.htm#InteractiveScans.htm
There is another workaround that may help if this one does not - https://softwaresupport.softwaregrp.com/doc/KM03693372
For the CAPTCHA I don't have a file; I made the field interactive, and selected that field as interactive. The application UI never showed up. My settings seem to be correct as described or suggested in the community response.