WebInspect scan on Dynamics 365

Hello. I am new to using Fortify WebInspect and need some guidance (if available) on conducting a basic scan of an application in Dynamics 365.

I can't get the login macro to record properly (and WebInspect won't allow me to use the good macro recorded with the Web Proxy tool). The macro still saves and the scan continues. But the scan never stops (runs for 10+ hours until I force it to stop).

I have tried running both a Basic Scan and a Guided Scan with no success. Are there any special settings I can or should set to get the scan to stop looping through the site tree in Dynamics 365?

Any advice is greatly appreciated. Thanks!
Accepted Solutions
Micro Focus Expert

@ISSTacs_OITS take a look at the following resources for additional information/assistance:

  • https://community.microfocus.com/t5/Fortify-User-Discussions/WebInspect-Scan-Configuration-Tricks-and-Best-Practices/m-p/1587049
  • Sessions Exclusions:
    • Example 1:
      • To prevent identical, dynamic folders from being added to the scan length, yet include some variants (1 through 13) in the scan for security coverage. If directories are all of the form: "/psp/ps_1/", "/psp/ps_2/", "/psp/ps_44/", et al.
      • excluded URL = /psp/ps_(([1][4-9])|([2-9][0-9]))/
      • version for also excluding 3-digit folders = /psp/ps_(([1][4-9])|([2-9][0-9])|(\d\d\d))/
    • Example 2:
      • Regex = \/products\/(?!\wa)\w\w\/
      • Scenario: This is specific to this /products/ folder structure. It will cause all of them to be omitted by WebInspect, except for those folder names with the letter "a" in the second position. I chose "a" arbitrarily, but you could alter this easily by replacing the "a" character in the regex with your desired character.
  • Inclusive Exclusions as mentioned in this KB - https://softwaresupport.softwaregrp.com/doc/KM03228261

Also, make sure you have the following configured:

  • Perform redundant page detection - Edit > Current or Default Scan Settings > General
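
A way to check session-exclusion patterns against known URLs before a long scan, as an added example that is not part of the original post or of WebInspect. It uses the patterns from the answer with the alternation grouped and `\d` for digits, and also shows what the ungrouped form would exclude. Assumptions: the exclusion is applied as an unanchored regex search over the URL, Python's `re` stands in for the scanner's regex engine, and the host and paths are constructed samples.

```python
import re

# Patterns from the answer above (alternation grouped, \d for digits).
EXCLUDE_PS = re.compile(r"/psp/ps_(([1][4-9])|([2-9][0-9])|(\d\d\d))/")
EXCLUDE_PRODUCTS = re.compile(r"\/products\/(?!\wa)\w\w\/")
# Same alternatives without the outer group: "|" then splits the whole pattern.
UNGROUPED_PS = re.compile(r"/psp/ps_([1][4-9])|([2-9][0-9])/")

# Constructed sample URLs (hypothetical host and paths).
BASE = "https://app.example.test"
SAMPLE_URLS = [
    BASE + "/psp/ps_1/home",
    BASE + "/psp/ps_13/home",
    BASE + "/psp/ps_14/home",
    BASE + "/psp/ps_44/home",
    BASE + "/psp/ps_120/home",
    BASE + "/products/ca/list",
    BASE + "/products/us/list",
    BASE + "/reports/25/summary",
]


def split_scope(urls, patterns):
    """Return (crawled, excluded); a URL is excluded if any pattern is found in it."""
    crawled, excluded = [], []
    for url in urls:
        hit = any(p.search(url) for p in patterns)
        (excluded if hit else crawled).append(url)
    return crawled, excluded


def overmatches(urls, loose, strict):
    """URLs the loose pattern would exclude although the strict one keeps them in scope."""
    return [u for u in urls if loose.search(u) and not strict.search(u)]


if __name__ == "__main__":
    crawled, excluded = split_scope(SAMPLE_URLS, [EXCLUDE_PS, EXCLUDE_PRODUCTS])
    print("crawled:")
    for u in crawled:
        print("  ", u)
    print("excluded:")
    for u in excluded:
        print("  ", u)
    # Pages silently dropped from security coverage by the ungrouped pattern.
    print("lost to ungrouped pattern:", overmatches(SAMPLE_URLS, UNGROUPED_PS, EXCLUDE_PS))
```

Any URL reported as lost to the ungrouped pattern is a page that would never be audited, so run the check on a crawl export before trusting an exclusion.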

@ebell I checked the box for "Perform redundant page detection" and that made a significant difference in the scan time. The scan was able to completely finish. Thank you very much for the tip!

Micro Focus Expert

Awesome news. If you would, go ahead and accept the above as the solution to your issue.
