HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP WebInspect Pro Tips: Login Macros

Why does a scanner need a login macro?

 

A comprehensive security assessment mandates complete coverage of the target application’s attack surface. It is crucial to find and fuzz all possible inputs to the application. A typical web application is partitioned into two major sections – a protected section which requires valid login credentials for access and an unprotected section for public access. It is equally important to assess both the protected and public sections of the target application.

HP WebInspect Pro Tips: Configuring Navigation Parameters

The quality of a dynamic scan is partly dictated by the ability of the scanner to effectively communicate with the target application. The application architecture, underlying design patterns and applicable web frameworks are a few details WebInspect can effectively leverage to understand and accurately map out the attack surface of the application under test. With a variety of web technologies available, custom code, new frameworks and so forth, every scan could use a little tweak to make it more effective. This post is the first in a new series of tips and tricks that we hope will help our customers create quality scans using WebInspect.

Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
  • Head of OpSec Research
  • I am a senior security content developer with Hewlett-Packard Security Research (HPSR). In this role, I write and edit security analysis and supporting content from researchers, including those from HP’s Zero Day Initiative (ZDI) program. The ZDI program augments HP’s Enterprise Security Products with zero-day research through a network of over 3,000 independent researchers around the world. I am also responsible for providing insight into the threat landscape; competitive intelligence to the research team; and providing guidance on the social media roadmap. Part of my role includes speaking publicly and promoting the research and technology of the HPSR.
  • Kernelsmith is senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the John Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
HP Blog

HP Software Solutions Blog

Featured


Follow Us
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.