- About Vivit
- LUGs & SIGs
- Vivit Blogs
- News & Events
- Knowledge Base
|HPE Software Products: WebInspect|
Hi .. I am using WebInspect 16.10 Trial version and trying to perform a scan of my web application using the Guided/Basic scan. It shows the following error when trying to verify the URL:
'The URL provided is not allowed by your license'.
It is a Java Web application running on my local Tomcat server whose URL is like this:
Is this a limitation of the Trial version?
After upgrading WebInspect from 16.10 to 16.20 we are not able to run our scheduled scans.
In the Scan logs I see a crawler error.
error: LaunchTC failed to create process
We have installed the patch/upgrade in a different drive than C, same drive as previous installation (on adifferent partition). The upgrade was okay, no issue. We have now version 12.20.608.0 The scan reports being completed in less than a minute (24 sec) with this error. Thanks for your help.
The installation file for 16.20 (WebInspect.64.exe) currently gets detected as a probably infected object by Kaspersky.
Unfortunately, due to the size of the file, it cannot be submitted to Kaspersky or Virus Total for analysis.
Has anyone else experienced the same behaviour or knows if this has been documented by HP?
I have WebInspect installed in an offline server and that server would be unable to access the Internet and hence SmartUpdate. Would there be a way for me to manually update it via another computer that has access to Internet? For example being able to download the new patch into a computer that has access to Internet and then transferring it to the computer with WebInspect and manually updating it.
Can deleting the scan from webinspect GUI (manage scan- select scan-delete) also delete the scan from database? Because running the script looks tedious. I did reach out to HP customer support and they mentioned if the scan is deleted from the webinspect GUI, the scans in the backend database also gets deleted. Can someone please help me with this?
If it is possible to do it through webinspect GUI, is it done through manage scans?
Hi, I have a question about HPE Security Toolkit. What is it exactly and is it as part of HPE WebInspect. I mean if we purchase a license for WebInspect does it have Security Toolkit in itself or we have to buy it separately. Thank You in Advance
While running a scan, I am receiving "check error CheckID: 10942". See attached. Does anyone know what could cause the error and how to solve it
I need to include only a set of url's to be scanned by HP (Web Inspect 16.10) from a big list of url's in an application. We have option to write RegEx for excluding URL's or patterns and not for including. As in my case, the list of URL's to be excluded are high in number and include URL's are less, I decided to write 'negation' rule set for URL's to be included. So that negation rule set url's will be included and rest of the url's will be excluded. I tried writing negation rule set but couldn't able to succeed. Could you please help me in writing the same. Below is my requirement.
Main URL: http://samplescan.com/crawl/spider/
Under spider folder, I need below pages to be included in the scan. All the pages, apart from below have to be excluded from the scan.
Pages to be included: testadmin.html, testaccount.html, testpage.html
Pages to be excluded: admin.html, adminaccount.html, usersmith.html.............1oothpage.html
Thanks in advance!!
Has anyone used the new feature in WebInspect for CAC authentication into an application? How did you get it to work?
I am scanning RESTful WebServices and it is secured by OAuth2 (Spring Security OAuth). These webservices are not accessible from the website, only accessed by other applications as server to server API calls.
Each application requests for the token (POST call) and receives access token, refresh token, expiry duration in response. Every further request sends an unique correlation id, access token as request headers.
I was planning to use web proxy to record the requests, convert to web macro and use workflow driven scan. But since the token expires and correlation id needs to be unique, requests sent from webinspect fail. Is there a way to replace the token , correlation id in the macro prescan or dynamically during the scan?
Can anybody please provide suggestions for fixing medium severity XFS vulnerability, found by HP Web Inspect Tool ?
I have used below code snippet, but not fixed, again reported it....
var externallyFramed = false;
Please make time to provide your valuable suggestions...
Bunch of Thanks Advanced...
I have started a scan for an application and I have used a login macro for it. A day after the scan when I checked, Login macro was not working and scan has paused/stoppeed. I confirmed that credential for the application has been changed.
I want to resume the scan where I had left. What I need to do?
Your help is highly appreciated. Thanks
How do I determine how many concurrent licenses I will need?
Does webinspect tool have a capability to break an application? If so to what extent?
I have seen posts about this before, and I already understand that varying the software, server or the scan settings can vary results. We use settings files and the command line WI.exe called from batch files, so the settings are the same. Assume that the environment is the same, with the one exception of the fixes we put in for the vulnerabilities, and application changes that may have occurred between scans. There is nothing we can do about that.
Thanks for any help,
Having an issue moving a project from one Security Group to another. The issue comes when I'm at the Object Dependencies part of the move. The only dependency is the report that was run against the scan.
I get here and I cannot move the project because of this report. I've deleted the report from the project in WIE. Do I need to also delete the report in SSC as well? If so, how do I do that?
Since in the report, I found the column "tested" in some itmes show "no" like the attached file. I like to know in what situation will cause the column "tested" shows "no"? Thanks a lot!!!
1) What are the pre-requisite required for scanning Mobile apps
2) How to perform the scan for Mobile apps using WebInspect
3) Are there any specific security attacks w.r.t. to mobile apps
I trying to congigure REST based post requets in web inspect enterprise version 10 and there doesnt seem to be a way to do the same, Could anyone please help me out with that
The webinspect i have installed on my PC runs on CPU that is dual core, 200 GB disk space and 8GB ram with the license for two instances at once. Could someone please tell me what is the minimum system requirement ? I am not sure if system is causing the issue or it's being caused due to Default settings that are not right.