Absent Member.
Absent Member.
4871 views

WebInspect Agent - Test Applications and Documents

I'm trying to understand how does WebInspect agent work for both Java and .Net. Are there any applications provided to test these? Also any reference documents would be very helpful.

Labels (1)
0 Likes
3 Replies
Absent Member.
Absent Member.

Harish:

First the Agent which is available in the HP WebInspect Group is the 4.2 version.  Previously has comment about the API documentation and configuration to help use for both JAVA and .NET configuration.  With both you would install the agent in specific locations and load a custom configuration file specific for your environment.

His previous comments can be found in the these forum threads.

API Documentation

WebInspect Agent

Hope these help some.

Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education
Exam Development Lead – Hewlett-Packard Enterprise Software

Trainer – HP Software Education – Fortify, TippingPoint

 

Get Training: http://www.hpenterprisesecurity.com/university

Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html

Joel E. Natt, CISSP CRISC
Global Exam/Certification Development Manager – Hewlett Packard Enterprise Software Education
0 Likes
Absent Member.
Absent Member.

The WebInspect Agent is based on the Fortify Runtime framework and integrates directly with the web server hosting the site such as Apache Tomcat or Windows IIS. The WebInspect Agent uses specific rules to identify application behavior at the runtime level that is indicative of vulnerabilities being exploited and then send this information back to WebInspect using the same port as the web application so that firewall rules do not need to be opened.  Using it's location directly inside of the application while running, the WebInspect Agent also sends back information around the attack surface and which part of the application a given attack is going to exercise. Using this information WebInspect can avoid retesting certain functions that might appear on several pages of the website, decreasing the overall scan time.

As for applications to test it against I would recommend using some of the popular intentionally vulnerable applications like HackMeBank. Hacme Bank v2.0 | McAfee Free Tools

0 Likes
Absent Member.
Absent Member.

Thanks guys for your replies.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.