WebInspect has 3 great new features

Micro Focus Expert

We at Fortify have a vision to continue our application security market leadership by providing key enterprise enhancements that focus on improvements in speed, automation and usability. The new WebInspect release (Version 19.1.0) delivers on that vision with automation capabilities, integration of our dynamic technology into an organization’s ecosystem, and an improved user experience.

There are three big things that stand out for me in this release:

1. Macros

Macro Recorder Updates

  • To support modern frameworks, we’ve released a technical preview of our updated macro recorder tool. After changing the default macro recorder setting under Application Settings, the updated tool will be available via the Basic Scan Wizard.

Macro Validation

  • Ease of use is at the forefront of everything we do. With our new Macro Validation feature, WebInspect can optionally test macros prior to scanning, via both the API and the UI. This tests for failed creds, failed steps, timeouts, general execution errors, etc.
  • Macro Validation satisfies several use cases:
    • Validation that a previously recorded Macro is still good
    • Validation that Auto-Gen can successfully create a macro
    • API/CLI driven macro validation
    • Scan time macro testing
  • Validation is on by default. Turn it off Scan Stop by modifying Scan Settings | Authentication.

Macro Auto-gen

  • We’re reducing some of the manual touchpoints traditionally required by dynamic scanning. WebInspect can now automatically create a login macro with just a URL, username, and password. This feature is available via the UI, API, and CLI. Keep in mind you can still use our familiar Login Macro Recorder to record a macro manually.

2. API improvements

API Expansion:

  • Our new scans data API endpoint provides a wealth of details around scan statistics, and even enables simplified querying of vulnerability information.
  • Macro Validation – use /testlogin against a scanID
  • Macro Validation – use /Scanner/settings/{filename}/testlogin against settings w/macro
  • Statistics Endpoints – use /data
  • Easily access vulnerability information – use /data/SessionChecks
  • Auto-Macro – passed as an override to a scan

API Scanning Improvements

  • We’re committed to making API scanning easier. Our WISWAG tool can now consume definitions built in the OpenAPI 3.0 specification. WebInspect can also now handle bearer tokens for improved authentication support.

3. WebInspect via a Docker container

4. Bonus – other new features include:

  • Performance Improvements
  • WebSockets Improvements
  • Improved Server-Level Correlation
  • Blind SQL Injection Accuracy
  • Multi-user Login
  • Settings Visualization Improvements

See the full release notes on the Fortify Product Announcements Board. If you haven’t already, subscribe to this board today to stay up to date on what's new with our products!

  1. Log into the community. You may use your MySupport credentials or register if you do not already have them.
  2. Visit the Fortify Product Announcements Board
  3. Click on "Subscribe to forum updates"
  4. To review or modify your notification settings:
    1. Click on your picture in the top right corner
    2. Click My Subscriptions > Notification Settings
    3. Review and modify your settings as desired
1 Comment
Micro Focus Frequent Contributor

Great new advancements!  Thanks for the info.
