Highlighted
AutoDan Absent Member.
Absent Member.
10126 views

WebInpsect Real-Time/Security Scope

Jump to solution
Hi, I was wondering if this product is still part of HP's suite of application security products? I can seem to find any mention of it with the other security products http://www8.hp.com/us/en/software-solutions/application-security/ Is this now included as part of HP WebInspect Enterprise/SSC, or has it been superseded by another product? Many thanks, Dan
Labels (3)
0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Re: WebInspect Real-Time / SecurityScope >> WebInspect Agent

Jump to solution

It was superceded, but in a good way!  SecurityScope was actually improved and rebranded as "WebInspect Agent".  WebInspect Real-Time live on!   The Agent can be deployed for free on as many targets as you need (Java or .NET web servers only right now).  I do not believe it is ready to be used (or left) on a Production system due to the back-end communication it provides the scanner.

 

To download and read up on WebInspect Agent, go to WebInspect's public product page (current is 10.20) at https://download.hpsmartupdate.com/webinspect/   Look to the bottom of the page.

 

The only confusing thing you will see is that all the WebInspect agent links take you to documents and installers for Fortify Runtime.  The Agent (and SecurityScope) is just the Runtime product with a different tact, communication and exposure rather than monitoring and protection.  So don't let the name of the materials turn you off.  During the Runtime installation you simply select the option for WebInspect Agent and it provides the specialized fortify.license file you will need automatically.

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HP WebInspect Agent

 

The new WebInspect Agent allows customers to take their application testing to the next level, offering deep insight into the behavior of the application. The WebInspect Agent makes WebInspect scans more accurate, helps find more vulnerabilities and delivers information to help developers remediate issues faster.

  • Supports Java and .Net applications
  • Returns stack traces when available
  • Returns the SQL query sent to database server for SQL injection attacks
  • Enables CAPTCHA bypass
  • Identifies RESTful endpoints for testing
  • Ensures better coverage by identifying pages not linked to elsewhere throughout the site
  • Available to all customers with a WebInspect or WebInspect Enterprise license

 

HP WebInspect Agent 10.20 Installation Packages

HP WebInspect Agent 10.2 Documentation

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
5 Replies
Micro Focus Expert
Micro Focus Expert

Re: WebInspect Real-Time / SecurityScope >> WebInspect Agent

Jump to solution

It was superceded, but in a good way!  SecurityScope was actually improved and rebranded as "WebInspect Agent".  WebInspect Real-Time live on!   The Agent can be deployed for free on as many targets as you need (Java or .NET web servers only right now).  I do not believe it is ready to be used (or left) on a Production system due to the back-end communication it provides the scanner.

 

To download and read up on WebInspect Agent, go to WebInspect's public product page (current is 10.20) at https://download.hpsmartupdate.com/webinspect/   Look to the bottom of the page.

 

The only confusing thing you will see is that all the WebInspect agent links take you to documents and installers for Fortify Runtime.  The Agent (and SecurityScope) is just the Runtime product with a different tact, communication and exposure rather than monitoring and protection.  So don't let the name of the materials turn you off.  During the Runtime installation you simply select the option for WebInspect Agent and it provides the specialized fortify.license file you will need automatically.

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HP WebInspect Agent

 

The new WebInspect Agent allows customers to take their application testing to the next level, offering deep insight into the behavior of the application. The WebInspect Agent makes WebInspect scans more accurate, helps find more vulnerabilities and delivers information to help developers remediate issues faster.

  • Supports Java and .Net applications
  • Returns stack traces when available
  • Returns the SQL query sent to database server for SQL injection attacks
  • Enables CAPTCHA bypass
  • Identifies RESTful endpoints for testing
  • Ensures better coverage by identifying pages not linked to elsewhere throughout the site
  • Available to all customers with a WebInspect or WebInspect Enterprise license

 

HP WebInspect Agent 10.20 Installation Packages

HP WebInspect Agent 10.2 Documentation

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
AutoDan Absent Member.
Absent Member.

Re: WebInspect Real-Time / SecurityScope >> WebInspect Agent

Jump to solution
This is great news, will now need to start work on my business case to get it installed on all our PreProd Server, eep! Thank you very much as always Hans. Dan
0 Likes
Regular Contributor.. Mente Regular Contributor..
Regular Contributor..

Re: WebInpsect Real-Time/Security Scope

Jump to solution

Anybody know what the "WebInspect_DBUpgrade10_1_to_10_2.sql" script is meant to achieve when going from 10.1 to 10.2?

 

The WebInspect upgrade itself doesn't seem to complain about the database at any point or suggest an upgrade to the local database schemas, etc. Further to that, we only have SQL Express on the local machine, not the full MS SQL.

 

Thanks,

 

George

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: WebInpsect Real-Time/Security Scope

Jump to solution

The upgrade script is meant for SQL Server users, not necessarily SQL Express users.  It is for when/if those users experience an issue with the automated upgrade, or who use a shared SQL environment and prefer that the DBA's run things of this nature for them.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Regular Contributor.. Mente Regular Contributor..
Regular Contributor..

Re: WebInpsect Real-Time/Security Scope

Jump to solution

Thanks Hans. That's good to know.

 

Appreciate the clarification.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.