Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Trusted Contributor.. pierregrabulos Trusted Contributor..
Trusted Contributor..
1472 views

Scan a .Net core WebApplication

Hi 

We have WebInspect 18.20 and we tried to scan (guided scan) a .net core Web Application.

When we enter the URL, no rendering is performed and so it is not possible to enter a login macro or to give some key locations at the end of configuration. We suppose it is so because of the technologie of the webApplication (.net core).

Does someone could agree with this supposition or already cope with this problem?

Thanks in advance for your responses, Regards, Pierre

 

0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

Re: Scan a .Net core WebApplication

If you can load the application in a browser, run it through an intercept proxy (included Web Proxy, BURP, et al), and the HTTP Request data shows up, then WebInspect can scan it.

The rendering issue, supposedly in the Guided Scan Wizard, is likely due to the built-in Gecko browser, but does not mean the site cannot be scanned.  There are developments underway now to improve this, but I would switch to the Basic Scan Wizard and ignore the visual stuff in the Guided Scan Wizard for this target.

I prefer to set up the Macro in advance using the Login Macro Recorder, and not within the scan wizard.  The stand alone tool can provide a few extra features for trouble-shooting, without the overhead of the Wizard.  You might want to try out the older, session-based macro recorder using the MSIE-based Rendering engine, just to see if it is more successful than the default Firefox Rendering engine.  It may just be an issue with the (older) Gecko engine that WebInspect uses today.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Trusted Contributor.. pierregrabulos Trusted Contributor..
Trusted Contributor..

Re: Scan a .Net core WebApplication

Hi Hans

Thanks for your response.
I can load the application in a browser (IE, FF).

During a guided scan wizard, I cannot use the integrated FF (because the guided scan wizard stay in waiting mode) so I've to use the old session-based macro recorder using the MSIE-based Rendering engine, but in this case, no rendering is done. 

it is the same with the workflow/login macro recorder, if I choose Firefox, no recording is allowed.

Regards, Pierre

 

 

 

 

 

0 Likes
Trusted Contributor.. pierregrabulos Trusted Contributor..
Trusted Contributor..

Re: Scan a .Net core WebApplication

Hi Hans

another time: Thanks for your response.

just to mentiontionned that when I start IE as ADMIN mode I can uses the integrated firefox borwser

Regards, Pierre

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.