HPE Software Products: WebInspect

HP Webinspect Unable to scan application on Trial version

Hi .. I am using WebInspect 16.10 Trial version and trying to perform a scan of my web application using the Guided/Basic scan. It shows the following error when trying to verify the URL: 

'The URL provided is not allowed by your license'. 

It is a Java Web application running on my local Tomcat server whose URL is like this:

http://localhost:8080/MyProject/Login

Is this a limitation of the Trial version?

 

WebInspect Error After Upgrade to 16.20

Hi there,

After upgrading WebInspect from 16.10 to 16.20 we are not able to run our scheduled scans.

In the Scan logs I see a crawler error.

error: LaunchTC failed to create process

We have installed the patch/upgrade on a different drive than C, the same drive as the previous installation (on a different partition). The upgrade was okay, no issue. We now have version 12.20.608.0. The scan reports being completed in less than a minute (24 sec) with this error. Thanks for your help.

 

WebInspect 16.20 Installation - Kaspersky AV Detection

Hi all,

The installation file for 16.20 (WebInspect.64.exe) currently gets detected as a probably infected object by Kaspersky.

Unfortunately, due to the size of the file, it cannot be submitted to Kaspersky or Virus Total for analysis.

Has anyone else experienced the same behaviour or knows if this has been documented by HP?

Thanks.

 

WebInspect Offline updating

Dear all,

I have WebInspect installed in an offline server and that server would be unable to access the Internet and hence SmartUpdate. Would there be a way for me to manually update it via another computer that has access to Internet? For example being able to download the new patch into a computer that has access to Internet and then transferring it to the computer with WebInspect and manually updating it.

 

 

 

Deleting the scan from Webinspect GUI

Hi, 

Can deleting the scan from the WebInspect GUI (Manage Scans - select scan - Delete) also delete the scan from the database? Because running the script looks tedious. I did reach out to HP customer support and they mentioned that if the scan is deleted from the WebInspect GUI, the scans in the backend database also get deleted. Can someone please help me with this?

If it is possible to do it through webinspect GUI, is it done through manage scans?

 

HPE Security Toolkit and WebInspect

Hi, I have a question about HPE Security Toolkit. What is it exactly, and is it part of HPE WebInspect? I mean, if we purchase a license for WebInspect, does it include Security Toolkit, or do we have to buy it separately? Thank you in advance.

 

Receiving "check error CheckID: 10942"

While running a scan, I am receiving "check error CheckID: 10942". See attached. Does anyone know what could cause the error and how to solve it?

 

URL Exclusion & Inclusions in HP Web Inspect

Hi Team,

I need to include only a set of URLs to be scanned by HP (Web Inspect 16.10) from a big list of URLs in an application. We have the option to write a RegEx for excluding URLs or patterns, but not for including them. As in my case the list of URLs to be excluded is large and the URLs to include are few, I decided to write a 'negation' rule set for the URLs to be included, so that the URLs in the negation rule set will be included and the rest of the URLs will be excluded. I tried writing the negation rule set but was not able to succeed. Could you please help me in writing the same? Below is my requirement.

Main URL: http://samplescan.com/crawl/spider/

Under spider folder, I need below pages to be included in the scan. All the pages, apart from below have to be excluded from the scan.

Pages to be included: testadmin.html, testaccount.html, testpage.html

Pages to be excluded: admin.html, adminaccount.html, usersmith.html ... 1oothpage.html

Thanks in advance!!

Regards,

SunnyK

 

 

WebInspect with CAC Enabled application

Has anyone used the new feature in WebInspect for CAC authentication into an application? How did you get it to work?

 

Scanning RESTful WebServices with OAuth Token

I am scanning RESTful WebServices and it is secured by OAuth2 (Spring Security OAuth). These webservices are not accessible from the website, only accessed by other applications as server to server API calls.

Each application requests the token (POST call) and receives an access token, refresh token, and expiry duration in response. Every further request sends a unique correlation id and the access token as request headers.

I was planning to use the web proxy to record the requests, convert them to a web macro and use a workflow-driven scan. But since the token expires and the correlation id needs to be unique, requests sent from WebInspect fail. Is there a way to replace the token and correlation id in the macro prescan or dynamically during the scan?

 

 

 

Fix Request for Medium Severity Cross-Frame Scripting Vulnerability reported by HP Web Inspect Tool

Hi,

Can anybody please provide suggestions for fixing a medium severity XFS vulnerability found by the HP Web Inspect Tool?

I have used the code snippet below, but it is not fixed; it was reported again....

FIX:

    var externallyFramed = false;
    try {
        externallyFramed = top.location.host != location.host;
    }
    catch(err) {
        externallyFramed = true;
    }
    if(externallyFramed) {
        top.location = location;
    }

 

Please make time to provide your valuable suggestions...

 

Thanks a bunch in advance...

 

 

 

If login macro is not working tomorrow

I have started a scan for an application and I have used a login macro for it. A day after the scan, when I checked, the login macro was not working and the scan had paused/stopped. I confirmed that the credential for the application has been changed.

I want to resume the scan where I had left off. What do I need to do?

 

Your help is highly appreciated. Thanks 

 

HP Webinspect

How do I determine how many concurrent licenses I will need?

 

Can WebInspect scan break an application

Does webinspect tool have a capability to break an application? If so to what extent?

 

How to get WebInspect scan consistency to close out vulnerability bugs

I have seen posts about this before, and I already understand that varying the software, server or the scan settings can vary results. We use settings files and the command line WI.exe called from batch files, so the settings are the same. Assume that the environment is the same, with the one exception of the fixes we put in for the vulnerabilities, and application changes that may have occurred between scans. There is nothing we can do about that.

  1. First, does anyone know -- for a fact -- that WebInspect would yield the same results for a crawl/audit if the environment is 100% identical? I realize maybe it "should", but does it really?
  2. If it will not scan exactly the same each time, what is the best strategy for a scan/fix/confirm cycle? Is it to:
    A) Right-click on the original scan and Retest Vulnerabilities. I have found this sometimes does not find the original vulnerabilities that we didn't even touch, so I'm not sure I trust this 100%.
    B) Do the whole scan over with the same settings? Unfortunately this almost always shows new vulnerabilities, so we end up in a potentially endless cycle of scan/fix/close.
    C) Some other option, like maybe doing/saving a crawl and doing a re-test using only audit?

Thanks for any help,

Jeff

 

Moving Projects to Different Security Group in WIE Console

Having an issue moving a project from one Security Group to another. The issue comes when I'm at the Object Dependencies part of the move. The only dependency is the report that was run against the scan.

I get here and I cannot move the project because of this report. I've deleted the report from the project in WIE. Do I need to also delete the report in SSC as well? If so, how do I do that?

 

 

What does the column "tested" mean in the report type "Compliance => OWASP Top 10 2013"?

In the report, I found that the column "tested" shows "no" for some items, as in the attached file. I would like to know what situation causes the column "tested" to show "no". Thanks a lot!!!

 

 

Scanning mobile Applications using WebInspect

1) What are the prerequisites required for scanning mobile apps?

2) How to perform the scan for mobile apps using WebInspect?

3) Are there any specific security attacks w.r.t. mobile apps?

 

 

Testing REST based POST requests in Web Inspect Enterprise 10

I am trying to configure REST based POST requests in Web Inspect Enterprise version 10 and there doesn't seem to be a way to do so. Could anyone please help me out with that?

 

HP webinspect is painfully slow. What is the minimum requirement to install HP on your PC?

The WebInspect I have installed on my PC runs on a CPU that is dual core, with 200 GB disk space and 8GB RAM, with the license for two instances at once. Could someone please tell me what the minimum system requirement is? I am not sure if the system is causing the issue or if it's being caused by default settings that are not right.
