Crawl count in Dashboard is much greater than the count of crawled URLs(in report generated)
I have scanned an application in WebInspect 10.1.177.0 and crawl count was 1000 in dashboard when scan was completed.
Generated crawled URLs list and it has only 65 URLs.
1. Why 'crawl count in dash board' is not same as 'number of crawled URLs(from generated report)'?
2. Should Generated crawled URLs list contain all 1000 URLs?
3. What exactly does the crawl count shown in the dashboard mean/refer?
Please respond asap. This is very urgent.
Re: Crawl count in Dashboard is much greater than the count of crawled URLs(in report generated)
This is as designed.
The Crawl Count shown on the WebInspect Dashboard represents all of the "Sessions" found and how many of those have been individually requested. It is important to note that a Session is not a URL nor a web page, but the combination of the web page plus its parameters. Take a single URI and begin switching out parameters, and each one is a distinct Session. This is an important distinction because a vulnerability might only occur when select inputs are submitted in conjunction with the exploit input. The Crawler engine may be limited somewhat under the Scan Settings > General panel > "Include parameters in hit count", but that does not alter the Dashboard's focus to number the Sessions.
By comparison, the Crawled URLs report is just a listing of the web pages encountered on the site, but not a precise representation of how many permutations of those HTTP Requests were made. It is not a list of Sessions tested. The purpose of this report is to provide a listing of the portions of the web application that were included in the scan, essentially the web site coverage.
From the WebInspect Help guide we find this definition for the Crawled URLs report.
For each URL encountered during the crawl, this report lists any cookies sent and the raw HTTP request and response.
Please also be aware that we are releasing WebInspect 10.40 this Spring 2015. WebInspect 10.10 was released in the Fall of 2013, so your attack engines and other crawler functions are not be as modern as they could be. Please run SmartUpdate and review if there is an update avalaible to install. There is a new WebInspect release each Spring and Fall, with quarterly updates to the attack database, plus any mid-cycle Zero-Day updates deemed necessary, all delivered free with SmartUpdate for valid licenses.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify