HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP WebInspect Pro Tips: Login Macros

Why does a scanner need a login macro?

A comprehensive security assessment mandates complete coverage of the target application’s attack surface. It is crucial to find and fuzz all possible inputs to the application. A typical web application is partitioned into two major sections – a protected section which requires valid login credentials for access and an unprotected section for public access. It is equally important to assess both the protected and public sections of the target application.

HP WebInspect Pro Tips: Configuring Navigation Parameters

The quality of a dynamic scan is partly dictated by the ability of the scanner to effectively communicate with the target application. The application architecture, underlying design patterns and applicable web frameworks are a few details WebInspect can effectively leverage to understand and accurately map out the attack surface of the application under test. With a variety of web technologies available, custom code, new frameworks and so forth, every scan could use a little tweak to make it more effective. This post is the first in a new series of tips and tricks that we hope will help our customers create quality scans using WebInspect.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.