Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

WebInspect Release 10.20 in-depth series - Part 1 - The WebInspect API

At Fortify we are always trying to up our game so that our customers have the most robust tools for their application security programs . The WebInspect API is a RESTful service that must be started from the Fortify Monitor in the system tray or the Windows Services page. Initially the API is unrestricted so anyone with network access to the WebInspect machine can send commands.  This can be resolved by right clicking on the tray icon again and configuring the API to require authentication, you can choose between Windows authentication or basic authentication.  The API can also be required to use HTTPS communication with the installation of a certificate.




The API has the ability to control both the scanner as well as the proxy.  For the scanner customers can use the API to check on running scans, upload a new settings file, initiate a new scan, pause or stop a running scan and export a completed scan into the .scan format, the .fpr format or to .xml format. API control of the proxy allows users to not only initiate and close a proxy instance, but also to export the results as a webmacro, psf file, or a xml file. This means customers can use the API to import QA scripts or manually generate webmacros for a workflow driven scan.


There are several other uses for the API such as integration with a continuous build environment for automatically testing an application after each build or setting up alerts for when a scan completes.  Please download the attached zip folder for examples in using the WebInspect API to control a WebInspect scan or the proxy.


Click here to take WebInspect 10.2 for a test drive!

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.