Captain

List Driven Scan Issue

Hi

 

I tried to do a list driven scan. When a list driven scan is done, we still get the options of crawl, crawl+audit, manual. 

My doubt is, if I am providing the list of URLs, what difference will it make if I select the crawl option?

 

Also, a list driven scan does not have the option of restricting a scan to a directory. So is the crawl also restricted to those URLs that are in the list?

 

 

Absent Member.

My doubt is, if I am providing the list of URLs, what difference will it make if I select the crawl option?

 

If you select the crawl option, the crawler will attempt to find and follow links on its own in addition to the URLs you have specified.

 

So is the crawl also restricted to those URLs that are in the list?

 

Yes, if you select "Audit Only" as the type of scan.

Micro Focus Expert

As k1DBLITZ indicated, the List may be used to force-feed known pages to the Crawler, which then proceeds with its normal Discovery phase.  Or you can use the List to limit the entire scan to only Auditing those pages in your List, omitting the Discovery phase.

 

Sadly, the List is limited to GET queries, since it only lists URLs and does not provide POST parameters.  But you can build the List using any combination of crawler or listing tool, so long as you format the input file for WebInspect appropriately.

 

An alternative to the List-Driven scan is a Workflow-driven scan, where you have pre-recorded sessions (GETs as well as POSTs).  You can import more than one recording into the (Guided) Scan Wizard, and the recordings could have been captured with our Workflow Macro Recorder tool, the included Web Proxy tool, or even BURP.  If you are an HP UFT user, those scripts can also be used, but require the UFT client be co-installed with WebInspect.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
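
The reply above notes that the List can be built from any crawler or listing tool but can only carry GET URLs. The following is an added example, not part of the original posts and not Micro Focus code, that turns a captured request log into an in-scope GET list and reports the non-GET requests that would need a recorded workflow instead. The sample requests, the host names, the function names and the one-URL-per-line output layout are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: (method, URL) pairs as a crawler or proxy export might give them.
SAMPLE_REQUESTS = [
    ("GET", "https://app.example.test/"),
    ("GET", "https://app.example.test/search?q=test#results"),
    ("GET", "HTTPS://APP.EXAMPLE.TEST/search?q=test"),
    ("POST", "https://app.example.test/login"),
    ("GET", "https://cdn.example.net/lib.js"),
    ("GET", "mailto:admin@example.test"),
    ("get", "https://app.example.test/account/profile"),
]


def normalize(url):
    """Return a canonical http(s) URL without fragment, or None if unusable."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        return None
    return urlunsplit((scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))


def build_scan_list(requests, allowed_hosts):
    """Split captured requests into a GET URL list and non-GET leftovers.

    The list can only carry URLs, so non-GET requests are returned separately
    as candidates for a recorded (workflow-driven) session.
    """
    urls, needs_workflow, seen = [], [], set()
    for method, raw in requests:
        url = normalize(raw)
        if url is None or urlsplit(url).hostname not in allowed_hosts:
            continue  # out of scope, or not a web URL at all
        if method.upper() != "GET":
            needs_workflow.append((method.upper(), url))
        elif url not in seen:
            seen.add(url)
            urls.append(url)
    return urls, needs_workflow


if __name__ == "__main__":
    urls, leftovers = build_scan_list(SAMPLE_REQUESTS, {"app.example.test"})
    print("\n".join(urls))  # one URL per line (assumed list file layout)
    for method, url in leftovers:
        print(f"# not representable in the list: {method} {url}")
```

Restricting the list to an explicit set of allowed hosts keeps third-party URLs picked up by the crawler out of the scan input.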