Re: Announcing HP WebInspect 10.0 (897 Views)
Reply
Respected Contributor
HansEnders
Posts: 613
Registered: ‎07-01-2008
Message 1 of 2 (1,042 Views)

Announcing HP WebInspect 10.0

HP WebInspect v10.0

 

 

We are pleased to announce the general availability of HP WebInspect 10.0. With four out of the six most reported vulnerabilities from 2000-2012 exploitable via the web, it is clear that web applications remain a substantial target for malicious attackers.  HP WebInspect 10.0 offers features designed to help both professional pen testers and novice security testers better secure their web applications and prevent the damages a successful cyber-attack can bring. This new version simplifies the vulnerability discovery process and enables organizations to expand security testing to non-security personnel as well as to make security specialists more efficient.

 

The following summarizes the highlights in this release, with more in-depth information available in the documentation referenced below.

 

 

Key Messages:

 

Easier to get meaningful results  — HP WebInspect 10.0 makes it easier to get high-quality and meaningful results by interactively guiding the user to an optimized security test configuration, no matter how complex the underlying application.  Testers do not have to understand the nuances of the code they are testing.

 

Provides comprehensive technology support — Expert research on the latest threats and improved support for modern Web 2.0 application technologies combine to provide more confident and accurate coverage of any application.

 

Enables broader adoption   — HP WebInspect 10.0 brings sophisticated penetration testing technology to experienced and novice security testers alike, enabling broader adoption of security testing and pushing pen testing deeper into the Secure Development Life Cycle (SDLC).

 

 

What’s New:

 

Guided Scan — HP WebInspect 10.0 introduces Guided Scan, a unique interactive testing process based on a patent-pending Adaptive Component Recognition (ACR) technique for analyzing modern complex web applications and JavaScript. Guided Scan leads novice users and professional security testers alike in adapting tests to specific scenarios in custom environments where test configuration is difficult to pre-plan and troubleshoot. This augmented scan wizard provides better handling of complex scenarios such as detecting proxy misconfiguration or specific network authentication requirements. Further enhancements to workflow recording allow the logging of application interactions by users as well as the business processes tied to the application being tested, making WebInspect 10.0 more intuitive and thorough throughout.

 

Web Application Firewall/IPS Integration —  HP WebInspect 10.0 improves its integration with leading Web Application Firewalls and Intrusion Prevention Systems from F5, Imperva and HP TippingPoint to streamline application-layer protections against vulnerabilities found in production or in third-party applications. The application security testing results obtained by WebInspect is used to filter and protect the application without affecting its availability to users.

 

Enhanced support for modern applications — The technologies used to build modern, "Web 2.0" applications are continually evolving. More and more web applications make use of extensive JavaScript frameworks and AJAX for core capabilities, significantly expanding the attack surface of applications and increasing the complexity of testing them. The dynamic nature of modern applications makes it a challenge to automatically crawl and therefore properly perform security tests. HP WebInspect 10.0 responds to this challenge by introducing Adaptive Component Recognition. Rather than indiscriminately "clicking" hyperlinks and blindly processing interactable elements, this ACR technology recognizes structural patterns in a web application to organize it into logical units. For example, instead of simply analyzing a page for hyperlinks, span, and div tags with associated script events, these elements together can be recognized as grid controls, list controls, and more. Furthermore, they can be recognized as controls for specific frameworks like jQuery and extJS, enabling a better understanding of the application and ultimately resulting in the most comprehensive application security analysis of applications.

 

Enhancements to WebInspect Real-Time — HP WebInspect Real-Time combines the dynamic security testing capabilities of HP WebInspect and the runtime analysis capabilities of the HP SecurityScope agent to provide enhanced application coverage, confirmation of vulnerabilities, and line-of-code details to accelerate remediation of vulnerabilities. Enhancements to the automatic crawling capabilities of WebInspect 10.0 has served to greatly improve WebInspect Real-Time results.

 

How to Access Downloads for Customers:

HP WebInspect 10.0 is now available for  download to customers on the HP Software Updates portal. Access to the system requires an HP Passport account and knowing the customer’s HP Support Agreement ID (SAID).

  1. Select My Updates.
  2. Enter your HP Passport user id and password.
  3. Enter your SAID if one is not already attached to your Passport account.
  4. Click the View available products button.
  5. HP Fortify products are listed under the Application Security Center category.

Please continue to use support.fortify.com to access your fortify.license file (used with non-WebInspect Fortify products), creating HP Fortify support tickets and accessing the knowledge base. You will be required to input the SAID number associated with your account. If you do not know your SAID number or if you have any questions, please direct them through the support portal (support.fortify.com) or email to FortifyTechSupport@hp.com.

 

How to Access Downloads for Evaluations:

HP WebInspect 10.0 is also now available for Trial download to clients on the public product page. To have your Trial license capabilities expanded, please use the details provided in the received Activation Token e-mail to contact HP Fortify Sales.

 

More Information:

To access the HP WebInspect 10.0 data sheet,  see the WebInspect 10.0 data sheet.

If you have issues with downloads or licensing, please contact Fortify Technical Support.


-- Habeas Data
Respected Contributor
HansEnders
Posts: 613
Registered: ‎07-01-2008
Message 2 of 2 (897 Views)

Re: Announcing HP WebInspect 10.0

In June 2013, the next version WebInspect 10.10 was released:  http://h30499.www3.hp.com/t5/WebInspect/Announcing-HP-WebInspect-10-10-WebInspect-10-0-for-Tradition...


-- Habeas Data
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.