Is application logs can be audited through Web inspect 10.30 ?
I want to track and block the customer related details printed in application log. Is this possible through Web Inspect v10.30
No, WebInspect is used to scan and interrogate the web front-end (HTTP) of the site. From that perspective, it cannot (normally) access any log files on that remote server's hard drive.
This might be something you would do with a SIEM, such as HP ArcSight's ESM or Logger solution. Those offer Connectors which can lift files from a system or appliance and review for risks or unwanted activity.
Another solution you might review if HP Fortify's Runtime product. This wraps the web server's framework and captures all user activity within and through the application, whether is is Java-base don run son IIS .NET. This user activity can be logged, blocked, or both, and it can share the monitored activity with ArcSight ESM. Besides the core Runtime product, HP AppView is a version of Fortify Runtime which is specifically tailored to be used with ArcSight ESM and it has a slightly different focus in the events that it monitors. The same Runtime on-site capability can be leveraged and managed from a Cloud perspective with HP AppDefender.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
Are you actually referring to a specific report or the application log on the server that is conducting the scan?
Or are you actually referencing the Log View (Tools --> Log Viewer) of the application and the various components it offers?
So any more details will help if it is specific to the HP WebInpsect product.
Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education
Exam Development Lead – Hewlett-Packard Enterprise Software
Trainer – HP Software Education – Fortify, TippingPoint
Get Training: http://www.hpenterprisesecurity.com/university
Global Exam/Certification Development Manager – Hewlett Packard Enterprise Software Education