HPE Software Products: WebInspect
Share |

Unable to connect to remote host : No connection could be made because the target machine actively rOpen in a New Window

Hi Team,

We are getting this error most of the times when we are recoding the login and this is not consistent, we are able to access the application normally from the browser. Not sure what is the issue and the solution. I am sure this not because of the firewall or something else as I am able to access the application normally.

Thank you !!!

 

WebInspect socket errorOpen in a New Window

Hello. I am trying to scan a site that does not require any type of authentication. When going to the site through IE, it works just fine. When using WebInspect, it gives me an error that states: Unable to connect to remote host: An attempt was made to access a socket in a way forbidden by its access permissions xxx.xxx.xxx.xxx:443. The proxy settings in WI for both app and default proxy settings are set to IE settings. Is there another setting that I need to fix? Also, I cannot disable Antivirus due to Group Policy. Why does IE allow connection but WI doesn't?

 

Scan Initialization FailedOpen in a New Window

It doesn't seem to matter what settings I have the scan always fails to initialize. Even a basic scan with default parameters (http://zero.webappsecurity.com/) fails to initialize. This is a fresh install. Many of the other tickets on here reference the log viewer, it doesn't seem to have any errors. Just warnings. We're not using any sql server either. If needed i can supply pages from the log viewer here. Just tell me what tabs to copy.

 

Thanks,

 

-James

 

Import Scan Error HelpOpen in a New Window

When importing some scan files back into WebInspect we see this error (see attached).

Any work-arounds for this?

Thanks in advance.

 

Running WCF service scan using Webinspect 16.20Open in a New Window

I have been trying to run web service scan for WCF service but scan doesn't work. When i checked the error log, it said "Added Fail Code 401", "File Not Found". Tool only crawls but doesn't audit. 

 

Has anyone tried doing scan on WCF service? Any help on this would be appreciated. 

 

Schedule a saved guided scanOpen in a New Window

I created a guided scan (with macro authenication) 
and saved it (default path .xml)

I'm trying to schedule it (not immediate or manually execute rescan)

But this is not available.

Only a non guided, non macro website straight scan can be add to the schedule.

Is there a way to do this otherwise??

scheduled a saved template.

 

Scan LoopOpen in a New Window

Please forgive me if this is a basic question but the info that I have found on it has not resolved the issue.

I noticed that a scan had hung and began looking at the Traffic Monitor to see if I could find where the scan was hanging. It appears that there are a couple of URLs that keep coming up and will loop multiple times before the scan moves on. I have un-checked those sites from the list of sites on the left but the scan seems to keep htting them. I assume that I would need to skip these sites to keep the scan from hanging but un-checking them doesn't seem to be doing the trick.

I have also scanned the site using ZAP and do not see the same looping issue.

Aside from that, where can I find documentation on how to setup a basic scan and what to expect during that scan? As stated above, I have a scan currently running but it is hanging. I'd like to be sure that I haven't missed anything basic.

 

WebInspect 16.20 - SSL Error issueOpen in a New Window

Hi All 

I am using HP webInspect 16.20 for scanning an application in a Client's environment. 

After initiating the scan, I am getting facing the below error in the profiling page- 

"SSL Configuration failed when trying to connect to target host." 

ON clicking next and subsequently starting the scan, 

Please note- since its a client's environment, we have to set up the network proxy too(which we have done). Still, I am unable to start the scan successfully. 

Please help how to mitigate this error. 

Thanks in advance! 

 

HP Webinspect Unable to scan application on Trial versionOpen in a New Window

Hi .. I am using WebInspect 16.10 Trial version and trying to perform a scan of my web application using the Guided/Basic scan. It shows the following error when trying to verify the URL: 

'The URL provided is not allowed by your license'. 

It is a Java Web application running on my local Tomcat server whose URL is like this:

http://localhost:8080/MyProject/Login

Is this a limitation of the Trial version?

 

WebInspect Error After Upgrade to 16.20Open in a New Window

Hi there,

After upgrading WebInspect from 16.10 to 16.20 we are not able to run our scheduled scans.

In the Scan logs I see a crawler error.

error: LaunchTC failed to create process

We have installed the patch/upgrade in a different drive than C, same drive as previous installation (on adifferent partition). The upgrade was okay, no issue. We have now version 12.20.608.0 The scan reports being completed in less than a minute (24 sec) with this error. Thanks for your help.

 

WebInspect 16.20 Installation - Kaspersky AV DetectionOpen in a New Window

Hi all,

The installation file for 16.20 (WebInspect.64.exe) currently gets detected as a probably infected object by Kaspersky.

Unfortunately, due to the size of the file, it cannot be submitted to Kaspersky or Virus Total for analysis.

Has anyone else experienced the same behaviour or knows if this has been documented by HP?

Thanks.

 

WebInspect Offline updatingOpen in a New Window

Dear all,

I have WebInspect installed in an offline server and that server would be unable to access the Internet and hence SmartUpdate. Would there be a way for me to manually update it via another computer that has access to Internet? For example being able to download the new patch into a computer that has access to Internet and then transferring it to the computer with WebInspect and manually updating it.

 

 

 

Deleting the scan from Webinspect GUIOpen in a New Window

Hi, 

Can deleting the scan from webinspect GUI (manage scan- select scan-delete) also delete the scan from database? Because running the script looks tedious. I did reach out to HP customer support and they mentioned if the scan is deleted from the webinspect GUI, the scans in the backend database also gets deleted. Can someone please help me with this? 

If it is possible to do it through webinspect GUI, is it done through manage scans?

 

HPE Security Toolkit and WebInspectOpen in a New Window

Hi, I have a question about HPE Security Toolkit. What is it exactly and is it as part of HPE WebInspect. I mean if we purchase a license for WebInspect does it have Security Toolkit in itself or we have to buy it separately. Thank You in Advance

 

Receiving "check error CheckID: 10942"Open in a New Window

While running a scan, I am receiving  "check error CheckID: 10942". See attached. Does anyone know what could cause the error and how to solve itWebinspect error.PNG

 

URL Exclusion & Inclusions in HP Web InspectOpen in a New Window

Hi Team,

I need to include only a set of url's to be scanned by HP (Web Inspect 16.10) from a big list of url's in an application. We have option to write RegEx for excluding URL's or patterns and not for including. As in my case, the list of URL's to be excluded are high in number and include URL's are less, I decided to write 'negation' rule set for URL's to be included. So that negation rule set url's will be included and rest of the url's will be excluded. I tried writing negation rule set but couldn't able to succeed. Could you please help me in writing the same. Below is my requirement.

Main URL: http://samplescan.com/crawl/spider/

Under spider folder, I need below pages to be included in the scan. All the pages, apart from below have to be excluded from the scan.

Pages to be included: testadmin.html, testaccount.html, testpage.html

Pages to be excludedadmin.html, adminaccount.html, usersmith.html.............1oothpage.html

Thanks in advance!!

Regards,

SunnyK

 

 

WebInspect with CAC Enabled applicationOpen in a New Window

Has anyone used the new feature in WebInspect for CAC authentication into an application? How did you get it to work?

 

Scanning RESTful WebServices with OAuth TokenOpen in a New Window

I am scanning RESTful WebServices and it is secured by OAuth2 (Spring Security OAuth). These webservices are not accessible from the website, only accessed by other applications as server to server API calls.

Each application requests for the token (POST call) and receives access token, refresh token, expiry duration in response. Every further request sends an unique correlation id, access token as request headers.

I was planning to use web proxy to record the requests, convert to web macro and use workflow driven scan. But since the token expires and correlation id needs to be unique, requests sent from webinspect fail. Is there a way to replace the token , correlation id in the macro prescan or dynamically during the scan?

 

 

 

Fix Request for Medium Severity Cross-Frame Scripting Vulnerability reported by HP Web Inspect ToolOpen in a New Window

Hi,

Can anybody please provide suggestions for fixing medium severity XFS vulnerability, found by HP Web Inspect Tool ?

I have used below code snippet, but not fixed, again reported it....

FIX:

    var externallyFramed = false;
    try {
        externallyFramed = top.location.host != location.host;
    }
    catch(err) {
        externallyFramed = true;
    }
    if(externallyFramed) {
        top.location = location;
    }

 

Please make time to provide your valuable suggestions...

 

Bunch of Thanks Advanced...

 

 

 

If login macro is not working tomorrowOpen in a New Window

I have started a scan for an application and I have used a login macro for it.  A day after the scan when I checked, Login macro was not working and scan has paused/stoppeed. I confirmed that credential for the application has been changed. 

I want to resume the scan where I had left. What I need to do?

 

Your help is highly appreciated. Thanks 

Contact Us

Vivit Worldwide
P.O. Box 18510
Boulder, CO 80308

Email: info@vivit-worldwide.org

Mission

Vivit's mission is to serve
the Hewlett Packard
Enterprise User
Community through
Advocacy, Community,
and Education.