Print Page   |   Contact Us   |   Sign In   |   Register

Join Vivit
Contact Vivit
Become a Leader
Become a Sponsor
Community Search

Discovery in the Cloud: The Future of Configuration Management

Digital Transformation with HPE Cloud Management

Deliver Amazing Apps Fast in the Idea Economy: a DevOps Transformation

Virginia / Mid-Atlantic VIVIT Chapter Meeting

Chicago Chapter Webinar

LinkedInTwitterFacebookGoogle Plus

HPE Software Products: WebInspect
Share |

Moving Projects to Different Security Group in WIE ConsoleOpen in a New Window

Having an issue moving a project from one Security Group to another. The issue comes when I'm at the Object Dependencies part of the move. The only dependency is the report that was run against the scan.Capture.JPG

I get here and I cannot move the project because of this report. I've deleted the report from the project in WIE. Do I need to also delete the report in SSC as well? If so, how do I do that?



What is the column "tested" mean in the report type "Compliance => OWASP Top 10 2013"?Open in a New Window

Since in the report, I found the column "tested" in some itmes show "no" like the attached file.  I like to know in what situation will cause the column "tested" shows "no"? Thanks a lot!!!



Scanning mobile Applicaitons using WebInspectOpen in a New Window

1) What are the pre-requisite required for scanning Mobile apps

2) How to perform the scan for Mobile apps using WebInspect

3) Are there any specific security attacks w.r.t. to mobile apps



Testing REST based POST requests in Web Inspect Enterprise 10Open in a New Window

I trying to congigure REST based post requets in web inspect enterprise version 10 and there doesnt seem to be a way to do the same, Could anyone please help me out with that


HP webinspect is painfully slow. What is the minimum requirement to install HP on your PC?Open in a New Window

The webinspect i have installed on my PC runs on CPU that is dual core, 200 GB disk space and 8GB ram with the license for two instances at once. Could someone please tell me what is the minimum system requirement ? I am not sure if system is causing the issue or it's being caused due to Default settings that are not right. 


Unpatched Application (3375) Errors - False PositivesOpen in a New Window


Getting a lot of Unpatched Application errors for Apache (WebInspect code 3375).  However, we run RHEL 6, which is Apache 2.2.15, which makes it a false positive.  Is there a patch or future support for running the imbedded Apache instead of the native blends that WebInspect checks for?





Manual test of WebInspect XSSOpen in a New Window


I scanned my site with WebInspect 16 and checked the produced results. WebInspect detedt Cross-Site Scripting (reflected) in my site, but when I send WebInspect XSS request to my site, I don't give the request that show to me.

Also, in web browser mode, I can not see any reflected thing.

How I can ensure that this is a real XSS and it is not a false positive?


One license, one laptopOpen in a New Window


It seems that our configuration must be wrong somehow.  I have a single license in use, but want all users who logon to the computer using domain credentials to have access to it.  It's still only one use at a time, right?  So how do I do that?


webinspect can not be launched.Open in a New Window

I met an issue:

double click the webinspect icon, it can not be launched.

also tried run as administrator.

check windows event viewer, get below message:

Faulting application name: WebInspect.exe, version: 16.10.463.10, time stamp: 0x5706acad

Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp: 0x523d557d

Exception code: 0xe0434352

Fault offset: 0x000000000000ab78

Faulting process id: 0x2710

Faulting application start time: 0x01d2116896ae8fd7

Faulting application path: C:\Program Files\HP\HP WebInspect\WebInspect.exe

Faulting module path: C:\Windows\system32\KERNELBASE.dll

and this:

Application: WebInspect.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.IOException


at System.IO.__Error.WinIOError(Int32, System.String)

at System.IO.FileStream.WriteCore(Byte[], Int32, Int32)

at System.IO.FileStream.FlushWrite(Boolean)

at System.IO.FileStream.Dispose(Boolean)

at System.IO.FileStream.Finalize()




Can i use WebInspect to detect DoS vulnerability?Open in a New Window


Is it possible to test my server for DoS vulnerability with WebInspect?

If not, kindly suggest me a tool.





Any way to programmatically find my license expiration date?Open in a New Window

I use a lot of licensed software with licenses that need to be renewed periodically, and I'm writing a script that checks all my licenses to warn me when I need to renew one soon, but I can't find a way to do this with WebInspect.

Is there a way to programmatically find my license expiration date?  A hidden remote API function?  A registry setting I can read?


WebInspect Enterprise 16.10 fail to verify URL with rendering engine FirefoxOpen in a New Window

I tried to use WebInspect Enterprise web console using IE 11 in Windows 10. When performing a guided scan, it opened another Firefox window. But it can't verify the URL, it just keep loading. When I tried to visit the URL in the opened Firefox, it said "the address isn't valid".

From the outside, I can get access to the URL both by IE and Firefox.

When I choose rendering engine as IE, it can verify the URL. But it will have problems when recording a login macro.

So I'm asking for help to fix this problme. Thank you all.


Kerberos Auth using wi.exe and http-calls for starting a scan-routine in command-line mode.Open in a New Window

Dear Sir or Madam;

We do testing in a manual step-mode way, since our applications are way too complex to perform automated crawl&audit routines.
We want to automate the setup of scans by allowing our testusers to set up their tests on their own.
Therefore, we want to realise the following setup:

PC of Testuser --> Webserverportal (PHP-coded page constructing the call for setting up Proxy and starting Scan) --> Webinspect-Server running the API.

With regards to the Kerberos Auth, the Webserver is enabled to delegate the Kerberos auth,
so that the Webserver hands over the Kerberos ticket on behalf of the users PC to the WI-Server.
(for detailled information on Kerberos double-hop authentication,
pls. refer to:

In the need of scanning, the user calls the webportal-page which then constructs the calls for the scanner and copies a browser to a directory.
The Browser is a portable app. The portable Browser is configured to use the Webinspect-Server as proxy. After the scan has been started, the User tests the
application in step mode and WI records all data.
We use Kerberos for authentication purpose throughout the whole system end-to-end.

I know, that according to the documentation, the GUI can handle Kerberos Authentication - but can the wi.exe or the http-call handle Kerberos auth?

Testing the web will be done using the GPO-Objects the user who performs the test is granted. The analyze routing  needs to run under user-Credentials of the testing user.
at the time beeing, I run the analyze routine with my credentials, but I am granted full access to everything since I am granted Admin-Rights, but we want to automate this as well.

Is there a more thorough documentation available for the API than that included inside the API?

Which service can I enable in my AD-Settings for beeing allowed to use Kerberos double-hop authentication?
Is the Webinspect API the right one (if I am not mistaken, the WI-API acts as service?)

Any input would be highly appreciated ; Thank you very much for your kind help in advance,

kind regards


WebInspect 15 Day Trial issue: Trial Website does not work, therefore can't use trial license.Open in a New Window

Hi There
I'm trying to use the 15 day Trial licence for latest WebInspect 16.10. 
The trial licence only allows me to scan the website. << This site does not seem to work, however I can browse any other website.
WebInspect can make connections to and render any sites, but NOT the site the trial licence is limited to (
I need to test or learn how to use this software, I need it for work, please help!


Scan database has reached maximum allowed limit (4Gb). Operation will be cancelled.Open in a New Window


I am running SQL Server 2008. I reached 60 present of my scan. I have to finish the scan. How can I extand the db limit to continue this scan?




WebInspect Crawler and browser errorOpen in a New Window

I'm using the command line to run WebInspect via bamboo.

I can run scans and they complete fine showing no vulnerabilities etc, however when I export as a scan log just to ensure it works (I know the tests should show vulnerabilities) it shows the following errors:

Error:Crawler error, session:C8BA8F00DB4CECE36559FE4AFC7CE3B1, error:Failed to launch browser:

The scan then runs but as I said finds no vulnerbilities etc - this would be obvious considering the crawler has an error.

Any ideas what the issue is and how it can be fixed?


WIE Scanning Queue?Open in a New Window

I have WebInspect enterprise with multiple sensors. I would like to implement continuous monitoring of my applications, of which there are a large number, by placing them in a queue and having the sensors go through a list of pre-defined/templated scans. Each application in the list will be scanned by the next available sensor. When WIE reaches the bottom of the list, I would like it to go back to the top and start over. 

I know I can schedule recurring scans, but this depends on me knowing how long the previous scans will take, so that I can ensure a sensor will be available at that time. Ideally, I would like the sensors constanly scanning. I don't want a sensor to be sitting idle.

Is this possible using WIE? I was not able to figure out how. Maybe this is a task better suited for the WIE API?


wi license server blocked licensesOpen in a New Window

Dear Sir or Madam;


We do a have a problem with our license-server I would like to ask for help:


We have 5 concurrent licenses and 5 concurrent WI-Systems which are used for scanning our Webprograms in various locations.

Even if no Webinspect Program is running, we do often run into blocked licenses which may sooner or later lead to a message: There is no license available.

We do use:

16.10 WebInspect, patched to current level for the Scanning Servers


I cannot tell which Version of Patchlevel we are using for the license server, as this was more or less an inherited piece.


We often need to kick licenses manually, which tends to get a little anoying over time.


Any help would be highly apreciated. Thank you very much in advance for your kind help,


kind regards,




wi.exe step-mode CrawlOpen in a New Window

Dear Sir or Madam;

Right now, I am using Webinspect in following configuration:

- WebInspect Server (a VM) acts as Proxy-Server, while the Website is beeing surfed from a browser via WebInspect Proxy. When surfing, the Webinspect server listens in a manual step-mode crawl for the URLs I surf.

Afterwards, after having surfed each and every mask of the web, I run Audit as the second step.

When using the Fat Gui, everything works fine. Now I try to alter scanning a little bit (sorry, beeing a Linux-guy I wanna use command line as much as possible... ;-) )

I am looking for a way to setup a scan with the following parameters:

- wi.exe needs to be called from a command line

- the Webinspect Server needs to act as Proxy-Server as before.

No, I am searching for the parameter to start the manual Step-Mode Crawl via command line.

The help for wi.exe -? diplays:


  General ---------------------------------------------------------

 ...   -o                     audit only (requires policy -p)
     -c                     crawl only


which - at least to my humble opinion calls only for an automated Crawl or only for an automated audit.

Do I have any option which allows me just to run a manual Crawl in step mode from command-line?


Any help help would be appreciated. Thank you very much in advance.

kind regards




Generating reports from SSCOpen in a New Window

I have been scheduling scans using Web Inspect Enterprise. As scans for a particular project/application complete and are uploaded to Software Security Center (SSC), I want to be able to access a scan that took place at a particular point in time and generate/view a detailed report for it only. Is this possible?

When I attempt to generate a report in SSC, I just get an aggregate of all the scans for the particular project/application I specify, and the report SSC generates lacks the granuality and detail I get when I generate a report from within Web Inspect (details about the vulnerable sessions, request and response, etc).



Sign In

Forgot your password?

Haven't registered yet?

Vivit Blog