Highlighted
nyscsoc Absent Member.
Absent Member.
4704 views

Running Authenticated scans with WIE

Is there a way to run the login macro generator without using the WebInspect Enterprise Console?

I'm looking for a way to have end users be able to generate their own login macros, similar to how the WebInspect Stand-alone does.

My group currently supports several state agencies with their Web Application scans and several of them have usernames and passwords associated with them. We would like to provide these agencies with a way to record their own login macro's without us having to create and send to them.

Labels (1)
0 Likes
2 Replies
richard.bri.smi Absent Member.
Absent Member.

Re: Running Authenticated scans with WIE

The HP Security Toolkit is available and designed for solving exactly the problem you are facing.  Most organizations using WIE will only grant their self service users access to the WIE web console.  This means they will not have access to some of the thick tools which a normal WebInspect standalone installation would make available.  The login macro recorder is the most noticeable tool missing, but the web form editor, web service test designer, web proxy, as well as a few lesser used tools are also missing.  The toolkit can be installed to your users computers and will provide easy access to these tools.  You can download the HP Security Toolkit from softwaresupport.hp.com.  Click Product Information | Downloads.  Enter your SAID, and then select Get Software Updates.  Next navigate to "Fortify Software Security Center", select "HP WebInspect version 10.40 English Software E-Media".  Click Get Software, and you will eventually be presented with the 32 and 64 bit WebInspect installation files, as well as the installation file for the HP Security Toolkit.  Feel free to message me if you have any issues.

Thanks!

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Running Authenticated scans with WIE

In addition to Rick's suggestion on the WebInspect Standalone Toolkit, you can also use WebInspect desktop to create the Login Macro and then pass that file along to the (file share) user who is configuring their scan.  In this situation of "future users" I would customize that Login Macro with parameters for the username/password so they can get a little more use from it without needing fresh Macros recorded.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.