Browse by Tags - HP Application Security Center Community
United States-English
Home - Tab - Selected
» Blogs - Tab
» Forums - Tab

Browse by Tags


HP Application Security Center Community » All Tags » WebInspect (RSS)

» WebInspect 7.7.869 Now Available

An update for WebInspect is now available via SmartUpdate. The update includes some great changes which have been detailed below. Enjoy! Improvements to the Regular Expression Editor Optimized some functions for improved performance (language syntax application, syntax evaluation triggering points, etc...
Posted to HP Application Security Center News (Weblog) by joe.yeager on 06-12-2008

» What's the point of "penetration testing"?

Over the last 8 years in IT Security, I've had at least a professional interest in the idea of penetration testing and the opinion of this service has evolved as the IT Security market niche matures and grows. I wanted to take a minute to discuss it with the readers out there, and maybe solicit some...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 04-04-2008

» Re: Failed to connect to proxy when using a web macro for scan

Deepak Louis; There are two ways to configure this. It sounds like you are attempting to perform the first method listed below as A. Method A. Capture WR traffic as a Macro for replay during WebInspect scans. ** This method is a manual version of how the QTP script script converter tool works within...
Posted to WebInspect (Forum) by FenderB on 01-23-2008

» The New WebInspect LFI Engine

The release of WebInspect 7.7.113.3 (the Nov/2007 hotfix release) brought along a significant feature: a new-and-improved audit engine for finding local file reading/inclusion vulnerabilities. This article will introduce you to this new engine, how it works, and explain how to tune the associated check...
Posted to cat /dev/random | grep security (Weblog) by jbforristal on 12-05-2007

» WebInspect Check Tuning part III: Network-related check tuning

This is the third part in my three-part series on check tuning. Part one addressed the basic concepts of check inputs and tuning checks , while part two addressed some basic network topology concepts . This part will utilize the previously discussed concepts to tune three specific network-related checks...
Posted to cat /dev/random | grep security (Weblog) by jbforristal on 11-29-2007

» Failed to connect to proxy when using a web macro for scan

Objective : Integration of winrunner 8.2 with webinspect 7.7, capture HTTP request from one machine and execute scan on another webinspect machine. The following are the changed in configuration that was done 1. Changed the winrunner server IE proxy setting to webinspect server IP address and port. Unchecked...
Posted to WebInspect (Forum) by dlouis on 11-14-2007

» WebInspect Check Tuning part II: Understanding network topology

Launching a web scan is conceptually pretty easy: you just pop in a target URL and click 'Go'. You don't have to necessarily worry about routing tables, firewalls, and all that other network architecture stuff that magically lets the scanning system talk to the target web site. That is, you...
Posted to cat /dev/random | grep security (Weblog) by jbforristal on 10-25-2007

» WebInspect Check Tuning part I: Intro to check inputs

This is the first article in a three part series that focuses on tuning the checks included with WebInspect (and sister products, DevInspect and QAInspect), with the goal of increasing accuracy and usefulness. By default, the current version of WebInspect ships with thousands of checks. A 'check'...
Posted to cat /dev/random | grep security (Weblog) by jbforristal on 10-19-2007

» WebInspect 7.7 just around the corner

WebInspect 7.7 coming soon, so what's new? Great question! What better way to let our customers know that HP is 100% commited to improving and delivering new functionality in WebInspect than to bring everyone a new release. This is our second WebInspect product update since getting aquired and there...
Posted to HP Application Security Center News (Weblog) by erik.peterson on 10-05-2007

» Cross-Site Request Forgery and Vulnerability ID 10044

Hello all - I have been researching XSRF lately and am curious about the WebInspect test for this vulnerability. Specifically, Vulnerability ID 10044 states in the Execution section: "If the session is vulnerable to a Cross-Site Request Forgery attack, the same HTML sent in the request will also...
Posted to WebInspect (Forum) by DaveTheWebster on 09-11-2007
Page 1 of 4 (38 items) 1 2 3 4 Next >
Information disclosed in this community becomes public. Exercise caution when deciding to disclose your personal information. HP reserves the right, but is not obligated to, edit or remove your comment if it contains personally identifiable information or other content HP deems unacceptable.  Opinions expressed are your personal opinions or those of the original authors, and not of HP. Please see HP's web Terms of Use for more details.