Ensign

WebInspect Tutorials and Examples


Hi,

I tried to access the tutorials by following the link found inside WebInspect's toolbar at the top, under the help section, but it redirects to a non-existent page. If anyone could help me and point me to where the resources are stored I would really appreciate it. (Using version 17.10)

 

Also had a quick question on how a Workflow macro works, as the documentation just says that it records a use case to be used during crawl/audit. But when I created a basic macro of navigating to a particular section, filling out a form and submitting it, it didn't detect any SQLi/XSS vulnerabilities. Checking the log, it showed that it used the same values as I provided in the macro. So does that mean the input overrides the policies and vulnerabilities found there? Meaning it will use recorded values rather than try all different types of XSS and SQLi inputs?


Accepted Solutions
Admiral

I believe all of the tutorials are available now on YouTube - try a search there.

A workflow macro simply replaces the crawl with whatever path you take through the application when you are recording.  If you choose "audit only" (the default for a workflow scan) then attacks will be performed only on the pages you visited.  If you choose "crawl and audit" then additional crawling will be performed together with the audit.  In either case the audit phase of the scan will perform whichever attacks are enabled in the policy you have chosen - so if there is a SQL Injection check enabled, for example, the payloads associated with that will be applied regardless of the form field values you submitted when recording the workflow.  If you enable traffic in the scan then this should be evident from the resulting traffic once the scan is complete.


Ensign

Thank you for the response.

 

Found the webinars and tutorials on YouTube, in the HPE Software channel. Should be enough for the time being.

And that clarifies about workflow macros.
