HPE Software Products: WebInspect
Share |

WebInspect Audit Engine Error : SPI.Scanners.Web.Audit.Engines.Adaptive.ParameterBasedRedirectionOpen in a New Window

We are getting the exception stack while running the web inspect tool

Error    Audit Engine error: session:19E32C6CFC53C0793DBE400EF991DDE2, CheckID:10705, engine:SPI.Scanners.Web.Audit.Engines.Adaptive.ParameterBasedRedirection:SmartMode:NonServerSpecificOnly,DllCheckID:10705,EngineID:e974f0fd-2e0a-4f6d-8ddc-95c224ed2191, error:Object reference not set to an instance of an object.

We got this issue several times and now the scan speed decreased.

Web inspect tool version :16.20

 

Your browser is not supportedOpen in a New Window

Hi,

I tried to scan the application in HP WebInspect Web macro recorder with redering engine MSIE option. But I am unable to scan the application.

after login into the application i am getting below error.

"Your browser is not supported."

Please provide the solution to scan web application.

 

 

Issue with Visualization window and SSC.Open in a New Window

Hi Team,

I am facing couple of issues when using WebInspect.

1. After the scan got completed, I am unable to view results in Visualization window sometimes. Can you please suggest if there are any settings that has to be changed at UI.

2. In SSC, Best practices and Informational results are combined in Low category...can we make any settings or is it the issue with SSC, as I am having issue in categorizing them and it's taking long time to work on 600+ issues for False Positive analysis. Kindly suggest me if tehre are any settings has to be changed in SSC so that the Best practises and Informational results would be categorised seperately.

3. Sometimes SSC becomes very slow. It takes long time to load when browsing Scan results.

 Request you to kindly help me regarding the both issues mentioned above so that I can work peacefully.

Looking forward to hear from you,

Regards,

Bhanu M

 

Exclude tokens from being flagged as BREACH vulnerabilityOpen in a New Window

We use a cross-site scripting token -- that is refreshed per request/response -- and because it has the parital word "token" in it, WI flags it as a secret that could be discovered by a BREACH attack. Because we use this on every page, it generates a huge number of false positives. Other than re-coding our application code to change "token" to some other string, is there a way to keep WI from seeing this is a possible vulnerable secret token in a BREACH attack?

Note that I am not trying to prevent WI from using this parameter in an attack (attack exclusion). I'm trying to get WI to ignore this token as a vulnerability.

Thanks.

 

I want to create WebInspect scan job in Jenkins. Can anyone direct me on that?Open in a New Window

 

Scan Status is Running but Audit remains constant for daysOpen in a New Window

Hi,

I have started scan for an application, I received an error message during profiling the site " SSL configuration failed to connect to target site" I verified the SSL certificate and it was fine and after reading post in this forum, that I can continue scan with this error, I started the scan.

The scan runs fine until some point and after which there is no progress in the Audit on the dashboard, No motion on the network and analysis graphs .Number of attacks sent, HTTP Requests count etc.. all these numbers on the right corner of the dashboard remains constant, But the Scan status is Runnning and the Time is running. 

I had left the scan in this status Overnight, everything was constant. so, then I paused the scan and resumed and it works fine, I have to do this pause resume every 30mins or 1 hour and I can see very very little progress but still the scan has not completed.

After doing this for 4 days, I created a new scan for the same application and selected for crawl only, the crawl was successfully completed. So, hoping it to work fine I clicked on the Audit button on the tool bar and selected audit policy as standard, The scan was normal for until some point and now it is again stuck. same status as said in the above two paragraphs.

Kindly help me with the solution to complete this scan. 

 

Is it possible to "schedule" SmartUpdate in WebInspect Enterprise?Open in a New Window

Hello experts, 

I'm a trial user of WebInspect.  I've been looking for a way to schedule SmartUpdate (updating security information database). It seems there's no way to schedule it in (Desktop) WebInspect.  It's understantable since it's a desktop application. Can we do this in WebInspect Enterprise?   My client is interested in WebInspect and he is asking if he can schedule SmartUpdate. Thanks,

tatsuo

 

Is it possible to Integrate HP Unified Functional Testing tool(UFT) with HP WebInspectOpen in a New Window

We are trying to leverage the automation script capabilities of UFT and integrate it with HP WebInspect. Is there any possiblity for that? Is it possible to re-use the UFT scripts in WebInspect? If so, how to do it?

A detailed explanation is appreciated.

Thanks in Advance.

Regards,

Sethu

 

WebInspect 16.10 SQL versions supportedOpen in a New Window

Does WebInspect 16.10 support SQL server 2012 SP3?

 

Does HPE Web Inspect have a specific .NET Framework scan policy.Open in a New Window

 

HPE Webinspect 10.xx upgrade to 16.20Open in a New Window

Hi all,

Could anyone shed some light on upgrading HPE WebInspect version 10.xx to latest version of HPE WebInspect 16.20 please? Should I be backing up the default sql database that WebInspect is utlizing? Can I run the latest version of installation file to upgrade? Do I need to uninstall the old version of HP WebInspect?

Thanks!

Anna

 

Native Mobile App Scanning for IOS deviceOpen in a New Window

Hi, 

I am planning to run webinspect scan on Mobile app i have on IOS device. But the problem is the webinspect machine that i use is installed on a Virutal Machine which is connected to internet only through LAN. The VM runs on WIndows Server O.S

I have previously run scan on android app by using android emulator but haven't been able to do the same with the app on iOS device.

Please advise 

 

Unable to connect to remote host : No connection could be made because the target machine actively rOpen in a New Window

Hi Team,

We are getting this error most of the times when we are recoding the login and this is not consistent, we are able to access the application normally from the browser. Not sure what is the issue and the solution. I am sure this not because of the firewall or something else as I am able to access the application normally.

Thank you !!!

 

WebInspect socket errorOpen in a New Window

Hello. I am trying to scan a site that does not require any type of authentication. When going to the site through IE, it works just fine. When using WebInspect, it gives me an error that states: Unable to connect to remote host: An attempt was made to access a socket in a way forbidden by its access permissions xxx.xxx.xxx.xxx:443. The proxy settings in WI for both app and default proxy settings are set to IE settings. Is there another setting that I need to fix? Also, I cannot disable Antivirus due to Group Policy. Why does IE allow connection but WI doesn't?

 

Scan Initialization FailedOpen in a New Window

It doesn't seem to matter what settings I have the scan always fails to initialize. Even a basic scan with default parameters (http://zero.webappsecurity.com/) fails to initialize. This is a fresh install. Many of the other tickets on here reference the log viewer, it doesn't seem to have any errors. Just warnings. We're not using any sql server either. If needed i can supply pages from the log viewer here. Just tell me what tabs to copy.

 

Thanks,

 

-James

 

Import Scan Error HelpOpen in a New Window

When importing some scan files back into WebInspect we see this error (see attached).

Any work-arounds for this?

Thanks in advance.

 

Running WCF service scan using Webinspect 16.20Open in a New Window

I have been trying to run web service scan for WCF service but scan doesn't work. When i checked the error log, it said "Added Fail Code 401", "File Not Found". Tool only crawls but doesn't audit. 

 

Has anyone tried doing scan on WCF service? Any help on this would be appreciated. 

 

Schedule a saved guided scanOpen in a New Window

I created a guided scan (with macro authenication) 
and saved it (default path .xml)

I'm trying to schedule it (not immediate or manually execute rescan)

But this is not available.

Only a non guided, non macro website straight scan can be add to the schedule.

Is there a way to do this otherwise??

scheduled a saved template.

 

Scan LoopOpen in a New Window

Please forgive me if this is a basic question but the info that I have found on it has not resolved the issue.

I noticed that a scan had hung and began looking at the Traffic Monitor to see if I could find where the scan was hanging. It appears that there are a couple of URLs that keep coming up and will loop multiple times before the scan moves on. I have un-checked those sites from the list of sites on the left but the scan seems to keep htting them. I assume that I would need to skip these sites to keep the scan from hanging but un-checking them doesn't seem to be doing the trick.

I have also scanned the site using ZAP and do not see the same looping issue.

Aside from that, where can I find documentation on how to setup a basic scan and what to expect during that scan? As stated above, I have a scan currently running but it is hanging. I'd like to be sure that I haven't missed anything basic.

 

WebInspect 16.20 - SSL Error issueOpen in a New Window

Hi All 

I am using HP webInspect 16.20 for scanning an application in a Client's environment. 

After initiating the scan, I am getting facing the below error in the profiling page- 

"SSL Configuration failed when trying to connect to target host." 

ON clicking next and subsequently starting the scan, 

Please note- since its a client's environment, we have to set up the network proxy too(which we have done). Still, I am unable to start the scan successfully. 

Please help how to mitigate this error. 

Thanks in advance! 

Contact Us

Vivit Worldwide
P.O. Box 18510
Boulder, CO 80308

Email: info@vivit-worldwide.org

Mission

Vivit's mission is to serve
the Hewlett Packard
Enterprise User
Community through
Advocacy, Community,
and Education.