WebInspect 10.20 Release

HP Fortify and the WebInspect team announced the release of WebInspect and WebInspect Enterprise 10.20 on April 17th. Current customers can upgrade to WebInspect version 10.20 using the SmartUpdate utility. Additionally, customers can download the latest release from https://download.hpsmartupdate.com/webinspect/ and https://download.hpsmartupdate.com/wie/.

 

WebInspect 10.20

HP WebInspect 10.20 has several new features and many improvements to existing features.

  • WebInspect Agent
  • WebInspect API
  • FIPS Compliance
  • Unified Taxonomy
  • Burp Proxy and Selenium Script import
  • Improvements to the Underlying Script Engine
  • Native Mobile Service Scanning
  • Mobile Web Site Scanning

Current customers can refer to the communication sent out on Thursday, April 17th for additional information.

 

WebInspect Agent

WebInspect 10.20 introduces the WebInspect Agent. Built on top of the Fortify runtime framework, the Agent is an IAST (interactive application security testing) tool that communicates with the WebInspect client in both directions. The Agent sits inside the runtime of a web application and lets WebInspect observe the internal interactions of the application as it is being tested. The WebInspect Agent is delivered free of charge to all current customers of WebInspect and WebInspect Enterprise and can be downloaded from https://download.hpsmartupdate.com/webinspect/.

 


 

WebInspect API

WebInspect 10.20 introduces a new API which allows customers to control their instance of WebInspect remotely. Users can now configure new scans, retrieve information about scans in progress, and export results from completed scans remotely. The API is a RESTful service that is installed with WebInspect and disabled by default. Customers wishing to use the new API can enable it from the Windows Services screen.

 

FIPS Compliance

WebInspect can now run in Windows environments configured for compliance with the Federal Information Processing Standards (FIPS).  WebInspect will automatically detect when Windows is enforcing FIPS compliance mode and shift the cryptographic algorithms accordingly.

 

Unified Taxonomy

All Fortify products now have their vulnerabilities categorized under the 7 Pernicious Kingdoms taxonomy. This taxonomy differs from many of those that have taken hold as industry standards in that it covers all vulnerabilities rather than the top 10 or top 25 categories. This comprehensive taxonomy is also designed with developers in mind rather than security professionals and uses language borrowed from biology. The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future. For more information on the 7 Pernicious Kingdoms taxonomy, visit http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html.

 

Burp Proxy and Selenium Script Import

WebInspect already supported importing UFT scripts; it now also supports importing Burp Suite proxy exports and, with the help of the new API, can also import Selenium scripts. These features help customers ensure full coverage of their site by using resources many QA teams already have.

 

Improvements to the Underlying Script Engine

The underlying engine used by WebInspect to parse web page layouts and scripting has been upgraded, enabling WebInspect to natively understand the newest web technologies such as HTML 5. Additionally, WebInspect can now identify redundant script executions across pages, such as menus or formatting, and avoid retesting this code, saving time and improving performance.

 

Native Mobile Web Service Scanning

WebInspect 10.20 introduces a new scanning option to test the traffic between a mobile application and the backend server. 

 

Mobile Web Site Scanning

Mobile sites can be scanned with custom user agents or popular mobile platform user agents like Safari or Chrome for Android.  In this mode, WebInspect scans the site content as it would be rendered to a mobile browser.

 


 

 

If you would like to request a trial of WebInspect or to find out more about the product please visit us at http://www8.hp.com/us/en/software-solutions/software.html?compURI=1341991#.U1gVrPldW9M
