Absent Member.

Looking for Best Practice for HP WebInspect Ent

Hello everyone,

We have some plans to implement, so I am preparing documents regarding the WebInspect product. If anyone else has best practices, please share them with me.

Thanks in advance.

Micro Focus Expert

You will probably get more lively input on the walled-garden user forums at https://protect724.hp.com/

Here are a few for starters, on WebInspect (desktop).

Always perform prior analysis.

  • Load the site in your browser.  Verify the login works.  See what a 404 page looks like.  Adjust the File Not Found settings to match, if needed.
  • Run the Server Profiler, and possibly the Server Analyzer too.

  • Record your Login Macro outside of the Guided Scan Wizard, unless you are already comfortable with the features it offers.  The Guided Scan Wizard has additional features that can confuse your use and saving of the macro.
  • Make efforts to automate everything.  Don't use Manual Step-Mode just because you cannot figure out a Login Macro.  Save Workflows and Macros in the Scan wizard so you can reuse them.  Save your scan settings for reuse as well.
  • Consider appending to the Web Form Editor input file, especially if many fields show a value of "12345".
  • Double-check the HTTP Responses randomly to see if the scan was indeed logged in.
  • Use a wrench to get the WADL from the developer rather than try figuring out all the Custom Parameters on your own.
  • Use the Rescan > Vulns Only option to save time on review.
  • Find ways to use the Send As or manual XML Full export to get the results directly into the developer's work queue.  They do not want a PDF.

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
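
The "double-check the HTTP Responses" tip in the reply above can be scripted once responses have been copied out of the scan. The sketch below is an added example, not part of the original reply and not a WebInspect feature; the record layout (`url`, `status`, `location`, `body`) and the marker patterns are assumptions for a hypothetical application and need tuning per site.

```python
import random
import re

# Assumed markers for a hypothetical application; adjust to the target site.
LOGGED_IN = re.compile(r'href="/logout"|Signed in as', re.I)
LOGGED_OUT = re.compile(r'<input[^>]+type="password"|session (has )?expired', re.I)
LOGIN_PATH = re.compile(r'/(login|signin)\b', re.I)

def classify(resp):
    """Return 'in', 'out' or 'unknown' for one response record (a dict)."""
    status = resp["status"]
    # A redirect to the login page, or a 401, means the session was not accepted.
    if status in (301, 302, 303, 307) and LOGIN_PATH.search(resp.get("location", "")):
        return "out"
    if status == 401:
        return "out"
    body = resp.get("body", "")
    # Check the logged-in marker first: an authenticated page may still
    # contain a password field (for example a change-password form).
    if LOGGED_IN.search(body):
        return "in"
    if LOGGED_OUT.search(body):
        return "out"
    return "unknown"  # static files, APIs and so on: no evidence either way

def spot_check(responses, sample_size=5, seed=None):
    """Classify a random sample of responses and group their URLs by state."""
    rng = random.Random(seed)
    sample = rng.sample(responses, min(sample_size, len(responses)))
    report = {"in": [], "out": [], "unknown": []}
    for resp in sample:
        report[classify(resp)].append(resp["url"])
    return report

def first_logout(responses):
    """Index of the first response (in scan order) that looks logged out, else None."""
    for i, resp in enumerate(responses):
        if classify(resp) == "out":
            return i
    return None

# Constructed sample records, in scan order (not real scan output).
SAMPLE = [
    {"url": "/account", "status": 200, "body": '<a href="/logout">Log out</a>'},
    {"url": "/orders", "status": 200, "body": "Signed in as alice"},
    {"url": "/profile", "status": 302, "location": "/login?next=/profile", "body": ""},
    {"url": "/settings", "status": 200, "body": '<form><input name="pw" type="password"></form>'},
    {"url": "/static/app.css", "status": 200, "body": "body{}"},
]

if __name__ == "__main__":
    print(spot_check(SAMPLE, sample_size=3, seed=1))
    print("session lost at index:", first_logout(SAMPLE))
```

Any URL reported under `out` means the findings after that point in the scan were gathered unauthenticated, so the Login Macro or logout detection needs fixing before the results are trusted.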