sandroffsilva Absent Member.

WebInspect Agent

I'm trying to run a WebInspect scan on SSC, but it's asking for the WebInspect Agent. Does anybody know where I can find it, or where I can download it?

I read something about the agent coming along with the WebInspect installation, but I'm not finding it in my installation package.

Accepted Solutions
Micro Focus Expert

Re: WebInspect Agent

WebInspect agent is not required, but it can provide you much greater results with our IAST solution (scanning a WI Agent-enabled site with WebInspect). This combination of these in use is known as "WebInspect Real-Time" or "WIRT".

The WI Agent supports Java or IIS .NET web server frameworks. It is a specialized form of Fortify Runtime that is meant to communicate with WebInspect or the WebInspect Enterprise Sensor in real-time.  Essentially you download the Runtime installer for your framework (from HP's SSO portal), install it and restart the web service, then scan it.  And WebInspect Agent is free!

Here are some Tagged articles for these:

Benefits of WIRT:

  • Attack Surface Exposure – all pages known
  • Attack Surface Exposure – all inputs known
  • Attack Validation – Regardless of the HTTP Response, WebInspect Agent can inform WebInspect when an attack was successful on the back-end
  • Time-Saving – CAPTCHA Bypass (supported CAPTCHA listed in the Fortify System Requirements doc)
  • Time-Saving – Attack types that are having little effect will be advised to turn off
  • Time-Saving – Parameters that were previously tested will be skipped when they appear elsewhere (Java frameworks only)
  • Time-to-Remediation – Duplicate findings are bundled in WebInspect so only one defect is reported.
  • Time-to-Remediation – Any Stack Traces triggered are collected and kept with the vulnerability details.  These can include LOC detail and SQL Query information.

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
sandroffsilva Absent Member.

Re: WebInspect Agent

Tks Hans, I think this will help me.
